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Awaiting a Tools Buyer, 
Borland Restarts Turbo 



BY JENNIFER DEJONG 

On the verge on naming a buyer 
for its tools group, Borland Soft- 
ware has revived its Turbo brand, 
which dates back to the compa- 
ny's 1983 beginnings. 

Borland announced last month 
Turbo Delphi for Win32, Turbo 
Delphi for .NET, Turbo C++ and 
Turbo C#. Aimed at students, 
hobbyists and other individual 
developers, the tools are essen- 
tially single-language versions of 
Borland Developer Studio, the 
company's development environ- 
ment for Microsoft Windows and 
.NET applications. Bringing back 
the Turbo line "re-ups our focus 
► continued on page 26 




Turbo helps refocus Borland on 
developers, says Intersimone. 



Sun Eyes Baking AJAX 
Functionality Into JSF 



BY ALEX HANDY 

With JSF/AJAX com- 
ponents from Exadel 
and IceSoft paving 
the way, the combi- 
nation of JavaServer 
Faces and Asynchro- 
nous JavaScript and 
XML could become a 
focal point for the 
next revision of JSF. 

In August, Exadel 
posted an open-source 
project on Java.net con- 
sisting of 25 AJAX com- 
ponents for JSF. And in ^^^ 
July, IceSoft released its enter- 
prise edition of IceFaces, its 
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for use with JSF. Now, 
Sun Microsystems is 
talking to both compa- 
nies about how these 

^^" functionalities can be 

integrated into JSF 2.0. 

Ed Burns, Sun's lead developer 



own set of AJAX components of JSF, explained why he believes 



JSF and AJAX mix so well. 'When 
you have an individual JavaScript 
library sending data back up to the 
server without regard for what's 
happening on the server, then 
you're limited on what the server 
side can do," he said, creating 
► continued on page 21 



U.S. Leadership on Cybersecurity 'AWOL 

Homeland Security stalled on naming czar, accepting development guidance 




BY JENNIFER DEJONG 

How secure is cyberspace? 

Not very — if the U.S. Department of 
Homeland Security's lack of attention to the 
issue is any indication. 

The position of DHS cybersecurity chief 
has been vacant for nearly two years. And 
while sources concerned with cybersecurity 
issues said the DHS is close to naming an 
acting assistant secretary for cybersecurity 
and telecommunications, the appointment 
is likely to be seen as little more than a stop- 
gap measure. 

"We are operating without a cyberspace 
czar," said Ron Moritz, chief security officer 
for Islandia, N.Y. -based software company 
CA. He declined to comment on whether 
the DHS appointment is imminent. But he 



said that until DHS names a permanent 
official to head its cybersecurity effort, the 
private sector cannot establish a true part- 
nership with government around this issue. 
"It is important that a permanent DHS 
[assistant secretary for cybersecurity] be put 
in place quickly." 

Among other things, the lack of leadership 
has left DHS unable to respond to a set of 
recommendations for developing secure soft- 
ware, drafted in 2004 by a task force known as 
Improving Security Across the Software 
Development Lifecycle. The group created a 
body of knowledge, and Moritz, who co- 
chaired the task force with Microsoft vice 
president of trustworthy computing Scott 
Charney, said, "It is frustrating not having 
► continued on page 18 



Leopard's 
Champing 
At 64-Bit 



BY ALEX HANDY 

SAN FRANCISCO — Complete 
64-bit compatibility and a new 
version of its Xcode development 
tools are among changes planned 
for Mac OS X 10.5— code- 
named Leopard — that Apple 
announced at its Worldwide 
Developers Conference here in 
early August. 

Apple also announced that by 

October, all of its Macintosh 

computers would be running on 

► continued on page 25 
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Sun Reveals Details of Open-Source Java 

Most of ME available this year, SE open by 2007, both under OSI-approved license 



BY ALEX HANDY 

SAN FRANCISCO — Sun 
Microsystems announced at the 
LinuxWorld Conference here 
in mid-August that it will open 
the source code for most of the 
Java Micro Edition platform by 
the end of this year and that 
Java Standard Edition would 
follow soon after. 

Alan Brenner, Sun's vice 
president of mobile and 
embedded, said at a press con- 
ference that with the entire 
Java ME team working exclu- 
sively on transitioning the lan- 
guage's code to open source, all 
but parts of the CDC stack will 
be ready this year "There are 
pieces of the upper stack on the 
CDC side that probably won't 
be finished," stated Brenner 

Brenner gave few details 



about Sun's plans for a Java 
ME development community, 
however, mentioning only in 
his closing remarks that he 
hopes the open-source com- 
munity will bring more diversi- 
ty to the platform. 

"There are a variety of hard- 
ware architectures and operat- 
ing systems that we would like 
to see filled out and supported 
in our implementation. We're 
[also] hoping to attract the 
attention of the hardware ven- 
dors," said Brenner. 

Developers can provide input 
and track progress of Sun's 
efforts at community.java.net 
/j dk/opensource . 

Adam Jollans, open-source 
strategy manager for world- 
wide marketing strategy for 
the IBM software group, 



'We're hoping to 
attract the attention 
of the hardware 
vendors.' 



—Alan Brenner, 

Sun's vice president 

of mobile and embedded 

asserted that the community is 
the most important part of 
open-sourcing Java. "It isn't 
just about publishing source 
code. It's about how you build 
a vibrant community that will 
take it forward," said Jollans. 
"This is something we learned 
a lot about with Eclipse. That's 




the sort of model that has to 
be set up. If there's one com- 
pany dominating it, then you 
won't get the same type of 
community." 

According to Brenner, Sun 
also will continue to offer a 
commercial version of Java 
ME. "So we'll also be looking at 



Linux Hits Phones, Desktops 

LinuxWorld Conference demonstrates readiness of OS 



BY ALEX HANDY 

SAN FRANCISCO 
message at this 



The 



summers 
LinuxWorld Conference held 
here in mid- August was that the 
Penguin's operating system is 
finally ready for prime time use 
by everyday people and in 
everyday devices. 

Mixed in among the many 
enterprise-centric exhibits were 
newcomers to the show, such as 
Motorola and Canonical, ere- 
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Trolltech's Greenphone is part 
of a Linux-based development 
environment for mobile apps. 



ator of Ubuntu Linux. 
Motorola showed off 
its new RAZR and 
other Linux-based mobile 
phones, and said it will offer 
them in the United States like- 
ly by early next year. Canonical 
was demonstrating the ease 
and versatility of its version of 
the operating system, as was 
Novell, now a regular fixture 
at LinuxWorld. Both offer dis- 
tributions specifically targeted 
at desktop PCs. 

Novell showed SUSE 10— 
now called openSUSE — featur- 
ing Xen visualization, Xgl 
graphical bells and whistles, 
and a slick desktop that rivals 
the Mac OS for animation. Also 
announced at the show was a 
new partnership with Lenovo to 
offer Thinkpads with SUSE 
Linux preinstalled. 

New faces at LinuxWorld 
also included folks from Palm- 
Source — now a subsidiary of 
Access — which released its 
libsqlfs library under the 
LGPL. Part of the Access Linux 
Platform (ALP), the library pro- 
vides an easy way to add an 
OMA Device Management- 
compliant read-write system to 
the SQLite package. The 
library is available now at www 
.palmsource.com/opensource 
/downloads. html. The company 




also launched a devel- 
oper network to help 
build out the environ- 
ment of mobile Linux applica- 
tions for ALP. 

Trolltech announced the 
availability of the Greenphone, 
a Linux-based development 
platform. Greenphone is a 
GSM/GPRS phone that's built 
to be flashed and reflashed with 
prototype applications. 

Elsewhere on the 
show floor, rPath 
announced the avail- 
ability of rBuilder 2.0. 
The tool automates much of 
the work associated with build- 
ing a software appliance by 
handling the configuration of 
an underlying Linux install on 
which the core application can 
run. New to version 2.0 are 
enhanced remote updating 
capabilities that simplify 
deployment of new code, and 
facilities for the creation of 
demos and trial versions of an 
appliance, which can be 
burned onto a live bootable 
CD or DVD. 

Members of the Linux Test 
Project were on hand to show 
off their massive database of 
test cases. The draw for Linux- 
based QA teams is the massive 
number of predesigned tests 
that can be had through the 



LINUX 
DRIVER 
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project. Michael Reed, staff 
software engineer at IBM, and 
the lead maintainer of the Lin- 
ux Test Project, said that the 
project has garnered more 
than 2,900 separate tests, rang- 
ing from kernel-targeted suites 
to tests designed to poke data- 
bases. 

Intellectual property pro- 
tection software company 
^^^ Palamida announced 
IP Authorizer 1.0. The 
tool helps development 
teams deal with licens- 
^^^h ing issues surrounding 
third-party code that they inte- 
grate into their applications. 
The tool offers a central sys- 
tem and method of communi- 
cation for internal enterprise 
discussions regarding third- 
party code. IP Authorizer 
brings the lawyers, managers 
and developers into a single 
process of approval. 

ANTs Software announced 
version 3.6 of its database man- 
agement software. The ANTs 
Data Server 3.6 adds support 
for 64-bit Windows and Linux 
implementations as well as 
compatibility and performance 
enhancements. 

EnterpriseDB announced 

the immediate availability of 

the EnterpriseDB Replication 

► continued on page 24 



improving the usability of the 
code," he said. "[Sun is] very 
much focused on making it easy 
to use our software and being 
an implementation specialist 
around that open-source code- 
base." Brenner was unable to 
point at a specific license under 
which Java ME would be 
released, but said it would be 
one of those approved by the 
Open Source Initiative (OSI). 

Laurie Tolsen, vice presi- 
dent of developer products 
and programs at Sun, said, 
"Our primary focus is keeping 
compatibility." Tolsen said that 
she expects the open-source 
community will also enforce 
compatibility standards on the 
code they contribute, since the 
primary benefit of Java is reli- 
able compatibility. 

Ari Jaaksi, open software 
platform director for Nokia, 
said that he hopes the move to 
open source will end the 
fragmentation that currently 
plagues the platform. Jaaksi 
also said that his company has 
been in discussions with Sun 
about the move to an open- 
source Java, but he declined 
to comment further on the 
discussions. 

OPEN STANDARD EDITION 

Sun said source code for some 
parts of the Standard Edition 
will be available this year, 
also under an OSI-approved 
license, and that by early next 
year the majority will be open, 
distributed in a buildable form. 

Tolsen said it is likely that 
Sun will release the Javac Java 
compiler and the Hotspot Vir- 
tual Machine this year. 

One of the main concerns 
for the move into open source, 
said Tolsen, is the design of the 
development community. She 
said that setting up proper facil- 
ities for contributors and the 
actual construction of such a 
system is proving to be a great 
deal of work. 

Tolsen also hinted at a pos- 
sible realignment of Java SE 
and EE (Enterprise Edition). 
"We are also looking at reap- 
portioning the Java brand. 
People have come to rely on 
the Java brand write once, run 
anywhere. The community 
will enforce that. They can't 
afford to have noncompatible 
forms," said Tolsen. I 
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, COMPANIES , 



Microsoft has confirmed reports that it will not continue development 
of its Virtual PC for Mac technology, acquired from Connectix in early 
2003, on the grounds that porting Virtual PC to Intel effectively meant 
starting from scratch in what is suddenly a competitive market . . . CA 
and Meta Integration Technology have agreed to embed Meta's Mod- 
el Bridge (MIMB) into CA's AIIFusion Erwin Data Modeler with the goal 
of improving designer productivity by automating the job of integra- 
tion, speeding up response time to changing business requirements. 
MIMB assists organizations in getting the most out of data modeling 
by helping to implement metadata management strategies, according 
to the companies . . . Fortify Software and Watchfire have agreed to 
integrate their application vulnerability solutions. Fortify's Source 
Code Analysis Suite helps find the exact spot in code where vulnera- 
bilities exist, and Watchfire's AppScan looks for such weaknesses as 
cross-site scripting and buffer overflows in production-ready applica- 
tions. Together, the companies claim, the integrated solutions provide 
security coverage throughout the software development life cycle. 



NEW PRODUCTS 




The SCO Group is shipping its EdgeBuilder mobile application devel- 
opment toolkit as a plug-in for Microsoft's Visual Studio 2005 devel- 
opment environment. SCO is looking to provide ease of use for 
Microsoft developers who want to create and deploy 
rich mobile applications and services on SCO's 
EdgeClick mobile development platform. SCO also 
announced it has joined the Visual Studio partner program, which will 
enable it to redistribute Visual Studio 2005 with the integrated prod- 
ucts . . . VistaDB has released a preview of its fully managed SQL data- 
base engine for Microsoft's .NET and Compact Frameworks, Windows 
Vista and Mono. The company claims that for the first time, develop- 
ers can build fully managed WinForms and ASP.NET database applica- 
tions for desktops, mobile devices and Web servers using VistaDB 3 
. . . VMware has announced plans for a version of VMware for Mac OS 
X that will support virtual machines of x86 operating systems, includ- 
ing Linux, NetWare and Solaris, as well as Windows. A beta will be avail- 
able later this year. 



UPGRADES 



■wanrw 



Orinda, Calif.-based IC Soft has released icTracker 7.2, an update 
to its project management and bug-tracking software with the capa- 
bility of making tasks recur daily, weekly, month- 
ly or yearly. The new feature eliminates the need 
to continually update a project with recurring tasks by allowing 
managers to set up the tasks at the beginning of a project 
. . . SoftBrands has released version 8.4 of its Fourth Shift Edition 
ERP system for SAP Business One, which adds support for Business 
One 2005 SP1 and multiple databases. It also adds modularized lan- 
guage features aimed at customers that want to support multiple lan- 
guages without installing multiple software versions . . . Parallels has 
released a beta version of the first update to its namesake Parallels 
Desktop for Mac, and announced that it expects to ship the update 
shortly. The update offers improved support for USB, better perfor- 
mance for graphics and shared folders, and selective hard disk 
caching. It also addresses shortcomings in keyboard support. 



, PEOPLE , 



The Agile Alliance, a nonprofit group that promotes the concepts of 
agile software development, has named seven new board members: 
Jennitta Andrea, ClearStream consultant; Todd Little, senior devel- 
opment manager for Landmark Graphics; Ryan Martens, founder 
and CTO of Rally Software; Elizabeth Hendrickson, president of 
Quality Tree Software; Mike Griffiths, senior technical director at 
Quadrus; Willen Van den Ende, Living Software consultant; and 
Mary Lynn Manns, a professor at the University of North Carolina- 
Asheville. The alliance's new chair is Rachel Davies, founder of Agile 
Experience. I 
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CodeArmor lets users create encryptions and decryptions to verify that functions have not been tampered with. 

Vi Labs Protects 
Apps With CodeArmor 



BY ALEX HANDY 

Encrypting the internals of an 
application and attaching a 
small debugger that always 
runs inside of the program are 
two methods used by Vi Labs' 
new CodeArmor application 
protection software to stem the 
tide of trojan horses and hack- 
er invasions. While the compa- 
ny will be releasing version 2.0 
of this tool in mid-September, 
it has already tested these 
capabilities behind closed 
doors with a limited release of 
version 1.0. 

The company's new security 
product automatically protects 
any compiled Windows binary 
from decompilation, malware 
injection and piracy. The tool 
automatically adds these pro- 
tections to finished applica- 
tions without the need for 
source code or recompilation. 

Victor DeMarines, director 
of product management for Vi 
Labs, said that CodeArmor can 
be set to automatically protect 
functions within an applica- 
tion, or it can add encryption 
and protections to specific 
functions, such as license 
checks or the code that com- 
mits changes to a database. 
DeMarines also said that 
CodeArmor's agent is injected 
into the application and 
requires no outside frame- 
works or runtimes to work. 

Once injected, CodeArmor 
checks and verifies that func- 
tions have not been modified by 



checking predetermined valida- 
tion sums that it keeps inside 
the application for verification 
purposes. 

In addition, the CodeAr- 
mor agent associates itself 
with the application's func- 
tions as a debugger, thus pre- 
venting other debuggers from 
being run within Windows to 
check the code. This works 
because Windows allows only 
a single debugger to be run- 
ning against an application at a 
time. 

THE ENCRYPT KEEPER 

The encrypted sections of the 
program, added DeMarines, 
are decrypted on-the-fly, com- 
pared for validity, then re- 
encrypted and hidden once 
they're no longer in use. These 
encrypted sections of the pro- 
gram are determined by the 
developer, and can be limited 
to singular functions, or can be 
used on the entire program. 

"At runtime after [CodeAr- 
mor] decrypts the function, we 
are verifying that function has 
not been tampered with. If 
someone was smart enough to 
inject their code or take advan- 
tage of a buffer overflow, we 
detect that, and do not allow it 
to run, and then we try to self- 
heal," said DeMarines. "We 
have the original function resid- 
ing in the secure execution 
monitor." 

Version 2.0 of CodeArmor 
will feature a more heavily pro- 



tected agent that will help to 
prevent the actual CodeArmor 
protections from being circum- 
vented by hackers. 

The new version will also 
feature more easily automated 
protection injections. Current- 
ly, the tool offers simple auto- 
mated protections based on the 
size of a function. Version 2.0 
will offer additional methods of 
automatically adding function 
protection, though DeMarines 
could not elaborate on these at 
press time. 

While he did admit that his 
company's tool adds some 
latency and size to an applica- 
tion, DeMarines insisted that 
the slowdowns never reach 
past about 5 percent of normal 
speeds. 

CodeArmor currently runs 
only in Win32; future versions 
will add support for Unix appli- 
cations. Enterprise pricing is 
US$18,000 per application, 
while ISV pricing is based on 
the price of the application 
being sold with protection inte- 
grated. 

While purchase of CodeAr- 
mor does include 24x7 tech 
support, DeMarines said that 
it's rarely used by customers 
beyond the initial install peri- 
od. "Once the organization 
evaluates and applies it to 
their product and does testing, 
we normally don't see any oth- 
er issues after they start dis- 
tributing and releasing the 
product," said DeMarines. I 
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With New Intel Tool, Parallelism Is Elementary 

Threading Building Blocks for C++ simplifies design of multicore applications 



BY EDWARD J. CORREIA 

Adding parallelism to C + + 
applications can be reduced to 
child's play, according to Intel, 
which on Aug. 28 introduced 



Threading Building Blocks, a 
library that it says simplifies the 
job of leveraging multiple cores 
in 32- and 64-bit architectures. 
Earlier in the month, the 



company updated its Thread 
Checker and Thread Profiler 
Windows tools for the new 
library and introduced Thread 
Checker for Linux, claiming an 



industry first. 

According to James Rein- 
ders, director of Intel software 
products, Threading Building 
Blocks offers an easy way to 
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create applications that take 
advantage of multicore proces- 
sors. "The most common way to 
express parallelism in a pro- 
gram is to create threads and 
assign work to each thread," he 
said, adding that multiprocessor 
APIs such as OpenMP permit 
such techniques as directing a 
"for- loop" to run in parallel. 
"But that's pretty limiting. 
Often you want to express more 
parallelism than that." 

Managing such threads, he 
continued, can be extremely 
code-intensive. "It's easy to 
write threaded code for a few 
threads," he said, but to scale 
much beyond that requires a 
thread queue. "And that queue 
can get bottlenecked pretty 
quickly. All you really want is an 
algorithm that works in parallel 
with thread-safe data structures 
so it will run not just on two 
processors but on four or eight." 

Reinders claimed that the 
US$299 Threading Building 
Blocks library works with most 
C + + compilers, including those 
from Apple, Microsoft and 
GNU and, of course, Intel's 
own. "The template library gets 
linked in with template defini- 
tions and header files. It's not a 
radical departure from the way 
people program." 

To add parallelism to exist- 
ing apps, developers will want 
to focus on finding areas where 
their program spends the most 
time, Reinders said, or let a tool 
such as Intel's VTune do the 
work. "You could use VTune to 
find a for-loop and change it to 
run our parallel for-loop or do 
things that work well with our 
pipeline directive." After those 
small code modifications, he 
said, "you should see results 
pretty quickly." 

Developers will have an even 
easier time, he claimed, if their 
applications already use POSIX 
or OpenMP APIs. "The building 
blocks work well in those envi- 
ronments. And you won't have 
to rewrite the entire program." 

Threading Building Blocks 
was scheduled to be available 
now for 32-bit x86 processors, 
including Intel's Core 2 Duo, 
Xeon and Pentium processors 
running Linux, Mac OS X and 
Windows; for Intel-64 versions 
of the same processors run- 
ning Linux and Windows; and 
for Itanium 2 (IA-64) running 
Linux. I 
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Fiorano to Host a Component Gallery 

Borrowing from iTunes, company tries to ease the job of assembling apps 



BY DAVID RUBINSTEIN 

Envisioning a development 
experience along the lines of 
Apple's popular iTunes music 
store, Fiorano later this month 
plans to open a component 
gallery to speed the delivery of 
applications in a world of dis- 
tributed computing. 

With iTunes, explained Fiora- 
no's CEO and CTO, Atul Saini, 
"you can pick off six songs and 
make an album. Our vision is for 
you to go to a gallery, and pick off 
three or four components — all 
will have XML interfaces — and 
voila, you've got your app." 

Saini said that an order-pro- 
cessing engine, or a service to 
return values of stock, for 
example, would be the types of 
components or services that a 
developer could find in the 
gallery. "These are at a higher 
level than a [Visual Basic] com- 
ponent," Saini noted. 

Fiorano will host the compo- 
nent gallery "initially," Saini 
said, without revealing anything 
more about hosting. It will be 
available for use on Sept. 15 in 
the recently released update to 
Fiorano SOA 2006, the compa- 
ny's services integration plat- 
form. In that release, native 
support for .NET was added, 
improving the Visual Studio 
integration and making a multi- 
platform, multilanguage envi- 
ronment available to that pool 
of developers. The platform 
now natively supports Java, C, 
C++ and all the languages asso- 
ciated with the .NET platform, 
including C# and Visual Basic. 

"In .NET, the tools are 
cooler, but there's not quite 
the stability of a Solaris," Saini 
said. "People want to develop 
in .NET and deploy in Linux." 

Fiorano will create the ini- 
tial group of components, and 
rely on contributors for others, 
whom Saini said could set their 
own pricing for their compo- 
nents. The XML interface 
allows for simple integration of 
the components, which can be 
written in whatever language 
the contributor prefers. 

"XML is expressive enough, 
and it's easy to specify," Saini 
said. Java EE Connector 
Architecture (JCA) and Java 
Message Service (JMS) inter- 
faces also will be supported, 
although Saini pointed out that 
with Java, there are memory 
issues when a large number of 



components are deployed. 
"C++ is the preferred develop- 
ment language if you want a 
fast server," he said. 

Saini also said that the 



C/C++ runtime in its Enter- 
prise Service Bus has been 
tuned for better performance, 
and the C/C++ libraries for 
messaging have added function- 



ality for high availability and 
clustering, as well as tuned algo- 
rithms focusing on flow control. 
The one drawback, accord- 
ing to Saini, is putting a neat 



label on all the new capabilities. 
"You could have a C# binding to 
a JCA interface in a C++ run- 
time on a Java server," he said. 
"What do you call it?" I 
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Galaxy Studio Revolves Around Runtime Revolution 



BY P.J. CONNOLLY 

Fans of the Runtime Revolu- 
tion rapid application develop- 
ment environment are seeing a 
new series of scripting tools 



Austin, Texas-based consultant 
that boasts "an elite band of 
experienced, agile Revolution 
programmers." 

The company develops 



replace the Revolution cross- 
platform IDE for Mac OS X 
and Windows. 

Galaxy Studio, released in 
mid-August, starts with the 



interface and tabbed script edi- 
tor, and adds succeeding layers of 
functionality, one upon the other. 
Galaxy Studio is built around 
the company's lowest-end for- 



from Daniels & Mara, an Galaxy, a series of products that Galaxy family's simplified user charge product, Galaxy Lite, 
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and adds a dictionary engine 
that runs faster than the one 
found in the native Revolution 
tools, a Project Manager that 
offers a hierarchical view of the 
"stacks" into which Revolution 
applications and datasets are 
organized, and a "message box" 
that includes a navigable com- 
mand history. Galaxy Studio 
also provides a new component 
framework that allows other 
makers of Revolution develop- 
ment tools to hook into Galaxy 
Daniels & Mara CEO and 
founder Jerry Daniels explained 
why some of the new tools 
focused on autocompletion to 
the degree they did. "One of the 
things every environment tries to 
get toward is... to have as much 
error-free scripting as possible." 
A feature with a common aim, 
named "ScriptPaint," came from 
a customer request for GUI- 
based text insertion. "You point 
the cursor over a word," Daniels 
explained, "hit a hot key, and it 
will get inserted" at the insertion 
point. Controls and other objects 
can be treated in a like fashion; 
one points at it, and with a click, 
inserts its name in the code. 

THE NEW 'SWITCHEROO' 

Another touch Daniels expects 
developers to appreciate is the 
"Switcheroo" routine, which 
allows developers to look at code 
and attributes in the same win- 
dow, switching back and forth 
with minimal changes to the UI. 

Although the company's cur- 
rent Studio, Lite and Free 
packages are aimed at hobbyist 
and solo developers, the com- 
pany has plans to release Galaxy 
in Enterprise and Professional 
editions, which will incorporate 
collaboration options, external 
framework support and formal 
project management features. 

Daniels & Mara will license 
the high-end editions on a sub- 
scription basis, at US$24 per 
month and $16 per month, 
respectively. Galaxy Studio 
costs $96. All Galaxy versions 
run on Mac OS X and Windows 
XP and require Revolution ver- 
sion 2.7 components, as well as 
a license for Revolution Enter- 
prise or Revolution Studio. 

Daniels expects that Galaxy 
Professional will ship toward 
year's end, with Galaxy Enter- 
prise following in the first 
quarter, depending on forth- 
coming releases of Runtime 
Revolution. I 
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code work. Surround SCM efficiently enables our 
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Sybase Announces 
Data Integration Suite 

Acquisitions and internal technology 
drive federation, replication, search tools 



BY P.J. CONNOLLY 

Aspiring to help customers make sense 
of disparate databases, Sybase has 
announced plans to release the Sybase 
Data Integration Suite later this year. In 
its first iteration, the suite will include 
tools for data federation, real-time event 
notification, replication and search, sup- 
ported by metadata management and 
modeling tools built around Sybase Pow- 
erDesigner and the Eclipse-based Sybase 
Workspace IDE. 

The suite "covers and spans the 
range of different styles of data in- 
tegration," according to Kathleen 
Schaub, Sybase's vice president of 
information technology solutions. 
"We're putting these together in one 
package and binding them up with 
common development tools, common 
administration, common modeling and 
metadata, so that customers can not 
only do individual projects, but they 
can accretively build more sophisticat- 
ed applications." 

The new suite is a combination of 
new technologies from recent acquisi- 
tions as well as internal developments, 
which, according to Schaub, offer 
superior economy and flexibility com- 
pared with existing point solutions or 
hand-coded attempts. 

Schaub noted that a new generation 
of applications has much broader data 
requirements. Whereas applications 
traditionally have been closely linked 
to data in almost a one-to-one relation- 
ship, "people going into the SOA world 
need to think about data in a whole dif- 



ferent way" she said. 

The data replication tools have their 
roots in Sybase's Replication Server, 
and provide access to datasets from 
across the enterprise. 

Meanwhile, a homegrown polling 
application is the foundation for 
Sybase Real Time Events, which con- 
nects enterprise databases to messag- 
ing buses, such as those from TIBCO 
or IBM's WebSphere MQ (formerly 
MQ Series). By the company's telling, 
Real Time Events minimizes the lags 
in data that are inherent in the use 
of intermittent polling and batch 
processing. 

Last year's purchase of Avaki pro- 
vided Sybase with the bits behind 
Sybase Data Federation, which the 
company positions as a way to integrate 
data from multiple sources and present 
the aggregate in a consistent, standard- 
ized fashion. 

Sybase Search — based on the 
OmniQ technology acquired in the 
2005 purchase of ISDD — allows com- 
panies to design applications that trawl 
through a variety of static and mobile 
data stores, whether they be central- 
ized repositories, document manage- 
ment systems or even an old-fashioned 
file system tree. 

Finally, the June takeover of 
Solonde gave Sybase a leg up in the 
development of a fifth product, Sybase 
ETL, which the company plans to inte- 
grate into future versions of the Data 
Integration Suite, although for now, it's 
sold by itself. I 
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Sybase Workspace provides access to features of the Data Integration Suite; data replication 
features are shown here. 
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Almost a Clean Sweep: About 3 in 4 Use AJAX 



BY ALAN ZEICHICK 

Nearly three out of four soft- 
ware development managers 
say that they're using or plan- 
ning to use AJAX-based rich 
Internet application technolo- 
gies. That's according to an 
independent July 2006 study 
conducted by BZ Research. 

BZ Research is a division of 
BZ Media, publisher of SD 
Times. The study was of 578 
subscribers to SD Times, and 
has an accuracy of 3 percentage 
points. 

In this study, 18.9 percent of 
respondents said that their com- 
panies have already deployed 
production systems using Asyn- 
chronous JavaScript and XML. 
Another 12.0 percent said that 
they are developing their first 
production systems but haven't 
deployed yet, and 14.2 percent 
are developing pilot systems. In 
addition, 37.7 percent are 
studying the technology. Only 
9.5 percent said that neither 
they nor their company has 
plans to use AJAX; 7.6 percent 
said that they didn't know. 

Why are development man- 



Other than JavaScript and XML, which languages will you be using 
for AJAX-based development? 
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agers interested in AJAX, and in 
related RIA and so-called "Web 
2.0" technologies? The respons- 
es varied, but many cited the 
improved user interface experi- 
ence due to AJAX's elimination 
of postbacks. 

"We are looking into using 
the technology for a Windows- 
like interface to our embedded 
system," said Wendi Whitcomb, 
a senior systems engineer at 
ZoZo Engineering, while Jeffrey 
Price, president of Price Perfor- 
mance, explained, "Customers 
demand desktop application 



Source: BZ Research 

look and feel. Citrix/Terminal 
server approach [is] becoming 
cost prohibitive due to licensing 
costs." Scott Finnerty, technical 
director of Barkley Evergreen & 
Partners Interactive, said, 
"We've embraced Rich Internet 
Application development as 
being key to the future of user 
experience for our clients." 

Other reasons had to do with 
the back end of an AJAX deploy- 
ment. David Yutzy, manager of 
Web applications at Retail Ven- 
tures Services, explained that 
AJAX can "reduce bandwidth 



requirements, increase utiliza- 
tion of servers, [and] enhance 
experience to users." Similarly, 
"AJAX allows us to reduce net- 
work load and server utilization 
to allow servers to handle more 
load and be more responsive," 
said Blaine McDonnell, senior 
analyst at AT&T Services. 

That's not to say that every- 
one is an unabashed fan of 
AJAX. "Personally, I feel that it's 
overblown in popularity and not 
all that useful in all applica- 
tions," said one respondent, who 
wished not to be identified. 

Security seems to be a com- 
mon concern, with AJAX being 
"too much exposed for the client 
side: Some delegated checking 
should be double-checked in 
server, since in the client side it 
seems to be exposed to crack it," 
said Paulo Soares, general man- 
ager of Central Call. 

Another respondent, Philip 
Christensen, managing director 
of Formation Design Systems, 
added, "Tools are too immature 
at the moment for full commer- 
cial deployment. [It's a] promis- 
ing technology, [and it] remains 



to be seen how standardized 
the environment will be and 
consequently how low cost 
deployment can be." 

Interestingly, development 
is evenly split when it comes to 
platforms for deploying AJAX- 
based server applications, with 
52.1 percent saying they'll use 
Java or J2EE, and 51.9 percent 
saying Microsoft's ASP.NET or 
Atlas — a statistical tie. An addi- 
tional 19.7 percent are using or 
considering Macromedia Flash, 
9.8 percent Ruby on Rails, and 
5.5 percent ColdFusion. 

"The real value of AJAX will 
come from tools that reduce 
the complexity and cost of 
implementing an enhanced 
user interface in the web 
browser environment," con- 
cluded Joel Simpson, director 
of software development and 
integration at Codesic Consult- 
ing. "The highly user-focused 
perspective taken in the design 
of AJAX applications results in 
functionality that rivals func- 
tionality found in some of the 
best desktop applications avail- 
able today." ■ 
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6th Sense: Productivity Is More Than a Hunch 



BY P.J. CONNOLLY 

Can a manager be an impedi- 
ment to developer efficiency? 
According to 6th Sense Ana- 
lytics, the answer can some- 
times be yes. 

The company in August took 



the wraps off its namesake devel- 
opment analysis software as a 
service, which it says is intended 
to give managers accurate met- 
rics to help keep developers pro- 
ductive. The service will become 
generally available in September. 



6th Sense CTO and co- 
founder Todd Olson said the 
company's methodology isn't 
about counting lines of code or 
clocking people in and out of 
projects, but rather about cap- 
turing development intangi- 



bles, such as finding a develop- 
er's groove of peak perfor- 
mance, what the company calls 
"flow time." 

Olson noted that most devel- 
oper tracking relies upon people 
manually inputting data, which, 
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he argued, fails to give the best 
available picture of the develop- 
ment process. 

The tool is free for individual 
users; managers and team lead- 
ers who want access to the aggre- 
gated data have to pay US$80 
per user per month. Data can be 
benchmarked within a shop, or it 
can be assessed against the 
results of other organizations 
using the software. As of mid- 
August, 126 developers at 30 
customer sites were already 
using the service. 

6TH SENSORS 

The 6th Sense architecture starts 
at the developer workstation, 
with the installation of one or 
more sensors that hook into the 
developers preferred IDE. Sen- 
sors are currently available for 
Borland's JBuilder, Eclipse, 
Emacs, Microsoft's Visual Studio 
.NET 2003 and VIM. Sensors 
for Visual Studio 2005 and Jet- 
Brains' IntelliJ IDEA are under 
development. 

The sensors collect activity 
data — whether the activity is a 
file editing session, a code 
review, a check-in, design time 
or something else — and send it 
over a secure connection to the 
6th Sense Analytics aggregation 
server. The activity data is then 
chunked into five-minute 
blocks to determine the pre- 
dominant activity during that 
period, which 6th Sense refers 
to as "active time." 

Managers analyzing active 
time can look at developers in 
terms of projects, technology, 
and of course, activity type. The 
objective in this scheme is to 
maximize "flow time," when pro- 
ductivity and quality are at their 
highest. 6th Sense claims from 
its observations that this usually 
amounts to half the total active 
time expended. 

So, if developers are at their 
most productive about half the 
time, what's a manager to do? 

The answer may not always 
be obvious; one anecdote related 
by 6th Sense CEO and co- 
founder Greg Burnell concerned 
a client who noticed productivity 
was up during his absence. 

"We debunked the concept 
that when the manager's out of 
town, nobody works." He contin- 
ued by noting that the person in 
question is now "more aware of 
the disruptions that he imparts 
on his development team," ulti- 
mately making him a better 
manager. I 
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Novell's Closed-Source Driver Policy Stirs Debate 

Linux vendors wrestle with issue of including proprietary code in distributions 



BY P.J. CONNOLLY 

On the heels of the July release 
of desktop and server versions of 
SUSE Linux Enterprise 10, 
Novell further tweaked its Linux 
lineup last month by renaming 
its SUSE Linux 10.1 distribution 
to "open SUSE," and aligning 
the company's free-for-down- 
load offering with the Novell- 
sponsored openSUSE project. 
The SUSE 10 series showcases 
Novell's new hands-off approach 
to proprietary drivers. 

Novell's driver policy, 
announced in March, means 
that selecting features requiring 
a closed-source driver invokes a 
download from the vendor, 
instead of Novell. Novell has 
pledged to work with affected 
vendors to ensure that, for 
example, SUSE's kernel changes 
don't break video drivers and 
vice versa, according to Novell's 
Linux product management vice 
president, Holger Dyroff. 

A 'PRACTICAL SOLUTION' 

Dyroff explained that the com- 
pany's approach was an attempt 
to create a practical solution to 
the problem of supplying propri- 
etary code while maintaining a 
commitment to open source. He 
claimed that closed-source dri- 
vers are not popular in the Linux 
community and noted that there 
may be legal issues, referring to 
possible conflicts with the GPL. 
Beyond the ideology, and more 
important to his business, is the 
problem of supporting other 
vendors' closed systems. 

Other vendors maintain a 
similar stance, offering a distrib- 
ution containing purely open- 
source software, and so- 
called "commercial" versions 
that include various degrees of 
closed, proprietary components. 
Perhaps the most extreme exam- 
ple of this is Linspire, whose 
CEO Kevin Carmony argued 
that the issue is end-user conve- 
nience. Carmony claimed that 
one of the most valuable things a 
Linux vendor can do is to run 
interference on behalf of cus- 
tomers with vendors that don't 
offer open-source software, to 
take care of licensing and sup- 
port issues. 

Mandriva CEO Francois 
Bancilhon agreed with the 
proposition that the issue is one 
of ideology versus practicality. 
He asserted that Mandriva's 
Dynamic Kernel Module Sup- 



port (DKMS) offers his cus- Red Hat was unable to pro- analyst Michael Goulde Vendors should direct open- 

tomers a middle path between vide a spokesperson; Canonical, believes that vendors who source efforts instead of fighting 

open- and closed-source drivers owner of Ubuntu, did not re- aren't offering open-source them, he said. "Why not co-opt 

by insulating the kernel from spond to a request for comment. components and drivers are the efforts and maintain your 

device drivers. Forrester Research senior missing a golden opportunity. leadership position?" I 
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Wily Extends Introscope to Detect Changes 

New agent software can determine if application performance is adversely impacted 



BY DAVID RUBINSTEIN 

Wily Technology is giving its 
Introscope performance moni- 
toring agents the ability to 
detect changes to production 



applications in real time, claim- 
ing to help organizations better 
diagnose the reasons for appli- 
cation failure. 

Introscope ChangeDetector, 



announced in mid-August, can 
determine if an application fail- 
ure is change-related, according 
to Ju-Kay Kwek, product man- 
ager at Wily, a division of Long 



Island-based computer giant 
CA. Kwek claimed the tool is 
the first to tie change data to 
performance, to help adminis- 
trators understand if the change 



Lacking visibility in your 
development process? 



I E 


^^ * ^ J 





wV 



Enerjy CO Z delivers complete visibility for 
a quality-driven development process 

Enerjy CQ2 4ntegrates with your version control 
system and existing tool set, Jt runs parailel wltfi 
existing project buHd systems to orifect store and 
graphically display code quality metrics. 

Enerjy CQ2 hEips to produce the highest quality 
appEications by measuring 

. Adherence to coding standards 

* Unit test reiulls 

* Code coverage metrics 

* Developer trends and activity 



Enerjy CQ2 presents metrics In a centratteed 

WeU application 

. Provides instant access to data reports and 
analysFs 

* Graphically displays metrics ar>d trends l;h d per 
project, per team and per developer basis 

# Leverages version control system to identify 
code ownership 



£\£RJY 

Software Integrity 

Td rearm more atiaat Enerjy E&2 visit 
www.*n*rjv.c«n>/vislbi<- 



is the cause of the problem. 

With Introscope, for exam- 
ple, users can be alerted if log-in 
performance goes above three 
seconds, Kwek explained. The 
ChangeDetector extension now 
lets organizations know that a 
change to the log-in servlet was 
made just prior to the perfor- 
mance decrease, he said. 

A dashboard helps users 
organize change monitoring by 
time and number, by applica- 
tion or for each individual com- 
ponent, or it can give a list of all 
changes, he said. 

The new tool, he explained, 
looks at changes to binaries, 
configuration files, database 
tables and JVM class loading. 
"Customers care about business 
apps," he said. "They don't care 
about router changes, unless 
they negatively impact the 
applications and business trans- 
actions," Kwek said. 

When a failure occurs, 
ChangeDetector can be used to 
first verify if any changes that 
were made were authorized 
and approved, he said. 

Kwek said the speed with 
which change occurs in Web 
applications, as businesses try 
to keep pace with competitors 
and take advantage of new 
opportunities, highlighted the 
need for this kind of tool. 
"There are system variables in a 
JVM, where a typo can change 
5.2MB to 52MB" and seriously 
impact performance, he said. 
"Then you have DBAs nuking 
indexes, and that can ground an 
application to a halt." 

Among the things Change- 
Detector does not do, Kwek 
explained, is deal with gover- 
nance. The tool will spot a 
change but won't indicate if the 
change violates any internal 
company policy or industry or 
governmental regulation. Nor 
can it be used to initiate a 
change, such as a scheduler in a 
change management system 
might be used. 

Wily intends to come out 
with a similar tool for use in 
mainframes within the next six 
to 12 months, Kwek said. Wily 
continues to operate as a stand- 
alone business unit within CA, 
which announced its acquisition 
in January 2006. ChangeDetec- 
tor, despite being a new tool, 
carries a 7.0 version number, to 
align it with the latest release of 
Introscope. I 
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U.S. Leadership on Cybersecurity 'AWOL 



< continued from page 1 

government respond to that." 

Asked whether DHS plans 
to appoint an acting assistant 
secretary for cybersecurity 
and telecommunications, DHS 
spokesman John Papa said: 
"The department continues to 
pursue qualified candidates." 
Of the task force report, Papa 
said, "The department wel- 
comed those recommendations 
and took them into considera- 
tion within the larger context of 
the Software Assurance Pro- 
gram's priorities and goals." 

The Software Assurance 
Program s aim is to reduce soft- 



ware vulnerabilities, minimize 
exploitation and address ways 
to improve the routine devel- 
opment and deployment of 
trustworthy software, accord- 
ing to Papa. 

'RUNNING IN PLACE' 

But Paul Kurtz, executive 
director of the Arlington, Va.- 
based advocacy group Cyber 
Security Industry Alliance, said 
DHS has not taken adequate 
measures to address cybersecu- 
rity concerns. "Cybersecurity is 
[apparently] not an issue for 
DHS," he said in a phone inter- 
view with SD Times. "[The 



cybersecurity division] is run- 
ning in place." He echoed that 
message in a July 13 news con- 
ference on Capitol Hill, where 
he joined Patrick Leahy of Ver- 
mont and other Senate 
Democrats in calling for 
stronger cybersupport leader- 
ship from DHS. 

"The U.S. government lead- 
ership on cybersecurity is 
AWOL," Kurtz said in his public 
remarks. In September 2003, 
following the launch earlier that 
year of President George W. 
Bush's National Strategy to 
Secure Cyberspace initiative, 
DHS tapped Symantec execu- 



RECOMMENDATIONS FOR DEVELOPING SECURE SOFTWARE 



In April 2004, the Improving Security Across the 
Software Development Lifecycle task force, 
formed in 2003 as part of President George W. 
Bush's National Strategy to Secure Cyberspace, 
submitted a set of recommendations to the 
National Cyber Security Division of the Depart- 
ment of Homeland Security. According to task 
force co-chair Ron Moritz, chief security officer 
for CA, DHS thanked the task force for its efforts. 
But more than two years later, it has yet to issue 
a formal response. 

Here's a brief look at some the recommenda- 
tions included in 123-page report. 
Enhance the education and training of present and 
future developers. Specific educational recommen- 
dations include: Make security a core component 
of software development programs at the univer- 
sity level, and develop and publish Internet con- 
tent pertaining to secure software development. 



Develop and apply processes and practices to 
improve the quality and security of software. The 

task force suggested that DHS enlist the support 
of groups such as the United States Computer 
Emergency Readiness Team (US-CERT) and the 
Information Technology-Information Sharing and 
Analysis Center (IT-ISAC) to work with software 
producers to determine the effectiveness of prac- 
tices that reduce software security vulnerabilities. 
Develop incentives that create a culture of securi- 
ty awareness. Recommendations include: Make 
the security of a developer's code a job perfor- 
mance factor, create industry awards that recog- 
nize secure development practices, and develop 
a multicompany program that offers rewards for 
information leading to the conviction of cyber- 
criminals. 

-Jennifer deJong 
Source: www. cyberpartnership. org/SDL CFULL.pdf 



tive Amit Yoran to head its 
cybersecurity division. But Yoran 
resigned from his position after 
only a year, departing just before 
original DHS head Tom Ridge 
stepped down in late 2004. 

"Homeland Security has had 
growing pains," acknowledged 
Moritz. 

In a phone interview with 
SD Times, Yoran declined to 
say why he left DHS. But a 
report published in the Wash- 
ington Post on Oct. 2, 2004, 
noted that Yoran had been 
disappointed that he was not 
given as much authority as he 
was promised to attack the 
problem. 

Yoran told SD Times that 
under his tenure, the cyber- 
security division made some 
significant strides, such as get- 
ting the FBI, IRS and State 
Department to share with DHS 
ongoing data about cyberinci- 
dents. While many such efforts 
have had no immediate impact, 
"there is great long-term poten- 
tial," he said. 

Chief among the cyberinci- 
dents gaining attention are those 
that put consumer data, such as 
credit-card numbers, at risk. "It 
is becoming an ail-too familiar 
story in the lives of Americans: 
the escalating reports of the 
unauthorized disclosure or theft 
of sensitive, personal informa- 
tion," said Leahy in the July 13 
news conference, referring to 



States Rule in Raising Secure Coding Awareness 



BY JENNIFER DEJONG 

As the U.S. Department of 
Homeland Security struggles to 
take a formal stance on cyberse- 
curity issues, state laws that 
mandate breach notification are 
taking the lead in showing busi- 
ness leaders why secure coding 
practices matter. 

The laws were enacted to 
protect consumers from security 
breaches such as the February 
2005 incident at Atlanta-based 
data broker ChoicePoint, where 
hackers stole personal data on 
more than 150,000 consumers. 

California led the way with 
its Security Breach Notification 
Act, which took effect in July 
2003. The law mandates that 
consumers must be notified 
when their name is illegitimate- 
ly obtained from a server or 
database, along with personal 
information such as their Social 
Security number, driver's 




CEOs need to pay attention to 
software security, says CA's Moritz. 

license number, account num- 
ber, credit- or debit-card num- 
ber, or security code or pass- 
word for accessing their 
financial account, according to 
San Diego-based consumer 
advocacy group Privacy Rights 
Clearing House. 



Since then, more than 30 
states have passed comparable 
laws requiring that individuals 
be notified of security breach- 
es, according to the advocacy 
group. 

The issue of writing secure 
software is becoming much 
more prevalent, said Ron 
Moritz, chief security officer at 
Islandia, N.Y-based software 
company CA. "I can't say every 
CEO is thinking about applica- 
tion security. But we have seen 
the consequences of CEOs not 
paying attention." 

Breach notification laws 
have helped underscore the 
importance of secure applica- 
tion development, said David 
Grant, vice president of mar- 
keting for Waltham, Mass.- 
based Watchfire, which sells 
application security software. 
"But they don't solve the prob- 
lem." They don't require com- 



panies to implement strong 
security throughout the appli- 
cation life cycle, he said. 

To date, neither the Senate 
nor the House of Representa- 
tives has passed any law about 
data breaches and security, 
noted Grant. Several federal 
bills, including the Data 
Accountability and Trust Act, 
are pending. If passed, the law 
will require any entity that 
experiences a breach of security 
to notify those in the United 
States whose information was 
acquired by an unauthorized 
person. The bill is currently 
awaiting a House vote. 

Federal laws governing 
breach notification are not nec- 
essarily the answer, said Grant. 
They run the risk of becoming 
too "watered down by lobbyists," 
he said. "They shouldn't pre- 
empt the state laws, which are 
giving us good notification." I 
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Cybersecurity does not appear to 
be an issue for DHS, says Cyber 
Security Industry Alliance's Kurtz. 

well-publicized incidents in both 
the private and public sectors. 

J NO ONE IN CHARGE' 

In July 2005, director of Home- 
land Security Michael Chertoff 
took steps to broaden the author- 
ity of the department's cyber- 
security chief. His announce- 
ment that the department had 
created the position of assistant 
secretary for cybersecurity and 
telecommunications essentially 
elevated to a higher level the 
position Yoran left vacant. 

But one year later that posi- 
tion remains vacant. 

While DHS "works steadfast- 
ly to find a nominee for the assis- 
tant secretary for cybersecurity 
position," it has begun to take 
measures to address data securi- 
ty issues, DHS' Papa noted. 

For instance, the National 
Cyber Security Division of DHS 
sponsors "Build Security In," a 
Web portal (www.buildsecurityin 
.us-cert.gov) launched in Octo- 
ber 2005 that provides guidance 
to the software developer com- 
munity. In the near future, DHS 
will sponsor publications such as 
the Software Assurance Com- 
mon Body of Knowledge and 
Security in the Software Lifecy- 
cle, the official said. 

It's appropriate for DHS to 
take a stance on secure coding 
practices, but its key role must 
be to "protect from attack the 
information infrastructure that 
we use every day," said Kurtz. 
"The private sector is far better 
suited to address secure soft- 
ware development practices." 

That effort is well under 
way, added Moritz. "Making 
sure code is secure — that is 
already happening among 
development managers," he 
said. "That was a good outcome 
of our task force." I 
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Sun Considering Baking 
AJAX Into Next JSF Spec 



< continued from page 1 

what he called an explosion of 
end points on the server. "For 
each piece of AJAX goodness 
you're using, you might have a 
separate JSP you're talking to, 
and each of those widgets might 
have a different kind of end 
point. If you work through a 
mediator, you can control those 
endpoints," with JSF acting as 
the perfect mediator, he said. 



Burns said he also believes 
that because JSF development 
is already understood by many 
enterprise Java development 
shops, having JSF tools that 
automatically generate AJAX is 
easier than building the 
JavaScript code by hand. 

Burns also pointed out that 
JSF has its own validators and 
type conversion capabilities 
built in, which would other- 



MICROSOFT OFFERS FREE 
XBOX GAME DEV SUITE 



BY ALEX HANDY 

Microsoft announced in mid- 
August that it would offer a 
coding suite to Xbox 360 own- 
ers, the first console video 
game development suite to be 
offered for free to end users. 
The company also plans to 
begin a service that will enable 
developers to share their 
games online via the Xbox 



Live online game service. 

The free tools, dubbed the 
XNA Game Studio Express 
development suite, were sched- 
uled to be released in late 
August. However, developers 
wishing to test their games on 
an actual Xbox 360 must pay 
US$99 per year to subscribe to 
the XNA users group. The suite 
runs under Windows XP. I 



wise need to be coded by hand 
in JavaScript. 

That's one of the reasons 
Exadel created AJAX4JSF, its 
open-source JSF component sys- 
tem. "The components will ren- 
der all the necessary JavaScript, 
XML, CSS and HTML to pro- 
vide the functionality," said Fima 
Katz, CEO of Exadel. The tool is 
now available on Java.net, and is 
designed to work alongside other 
JSF and AJAX components with 
little or no modification. 

'AJAX PUSH' 

Ice Soft, on the other hand, cre- 
ated IceFaces to accomplish the 
same tasks. CTO Steve Maryka 
said that IceFaces offers some 
functionality that's not available 
in other JSF/AJAX frameworks. 
"One of our key differentiators is 
a capability we call AJAX push, 
the ability to dynamically update 
the presentation from some serv- 
er-initiated event as opposed to a 
user event," he said, adding that 
the typical event model requires 




Making AJAX a commodity will put the value into the implementations, 
says Sun's Burns. 



the user to interact first. Using 
IceFaces, a Web-based e-mail 
client could automatically show 
new e-mails as they arrive, he 
said, rather than the current 
model that relies on timed or 
user-requested refreshes. 

Such functionality may soon 
become a standard feature of 
JSF 2.0, said Burns. "People 
have realized that if you have 
segmentation of different AJAX 
solutions, it's not operating as 
efficiently as [it] could if there 
was a standard. Let's make the 
[technology] a commodity and 
have the implementations be 
where the value is," said Burns. 

IceFaces, for example, ren- 



ders all of its AJAX directly to 
DOM, a method that is not 
widely used by other JSF-to- 
AJAX frameworks, and as such, 
offers limited compatibility 
with other JSF components. 

Burns finished his work as 
specification lead on JSF 1.2 in 
May but is already considering 
what will be included in version 
2.0. He said that both Exadel 
and IceSoft have expressed 
interest in participating in the 
effort — whenever that might 
be — despite the fact that some 
of the functionality both com- 
panies point out as their differ- 
entiators may soon become part 
of the specification. I 
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Lattix Releases LDM for .NET, Eyes Oracle Support 

Lower-cost versions target smaller projects; database dependencies are next 



BY P.J. CONNOLLY 

Lattix announced last month the 
general availability of a module 
for its LDM dependency model- 



ing software aimed at .NET 
developers, and new Profession- 
al and Professional Plus editions 
of LDM priced for solo develop- 



ers and smaller projects. 

The new LDM editions cost 
US$495 for the Professional 
and $695 for the Professional 



Plus, and have the same model- 
ing features as the $2,295 
Enterprise edition but are lim- 
ited to 500 and 1,000 files or 
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classes per model, respectively. 

The new LDM module joins 
the company's dependency 
trackers for C/C++ and Java. 
"In the .NET world, there isn't 
anything that enables you to 
extract dependencies, analyze 
them and formalize the archi- 
tecture," said Lattix sales vice 
president Frank Waldman. 
LDM "is the first tool that will 
allow people who are building 
these complex .NET applica- 
tions" to do that, he claimed. 

According to Waldman, the 
impetus to move ahead with an 
LDM for .NET came from the 
customers of LDM for C/C++, 
released earlier this year. Not- 
ing that the LDM line supports 
legacy as well as new code, he 
cited the advantages of "an 
analysis that will cover both the 
original codebase and the 
migration to .NET" 

Waldman also confirmed that 
Lattix was looking to extend its 
dependency management line- 
up to embrace databases, begin- 
ning with an evaluation-only 
LDM for Oracle. He could not 
say when it would be generally 
available. I 

Pragmatic 
Planning Tool 
Gets Boost 

BY DAVID RUBINSTEIN 

Pragmatic Software late last 
month released an update to its 
Web-based Software Planner 
software with advanced project 
management, project security 
and team collaboration features. 

"We do everything from 
requirements gathering, test- 
case management, defect man- 
agement and project manage- 
ment as well," said Steve Miller, 
Pragmatic's CEO. "There are 
linkages to all these areas in a 
single tool." 

Software Planner 7.8 allows 
managers to create project 
plans and to control access to 
those plans, then to track vari- 
ances as the projects move 
along to see if those changes 
from the plan were authorized, 
according to Miller. 

Team members update the 
status of their tasks through the 
Web-based interface; their time 
entry helps organizations man- 
age time sheets and billing. I 
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Attack Detection as Important as Prevention 

New PreEmptive tools will signal unexpected application, user behavior 



BY DAVID Rubinstein detect when an application is with the staggered release later "The smarter developers get 

It's one thing to be able to pre- being attacked. this year and early next of its at detecting buffer overflows 

vent attacks on applications. It's That's the problem PreEmp- "SOS" family of tamper detec- and other attacks, the less they 

quite another to be able to tive Solutions is looking to solve tion tools. know about the hostility of the 
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A project isn't quite right when you 

don't use the appropriate tool. The same is true 
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devetopment component. Log on to www.-Tpoint.tom 
to download a 30-day fre* trial and check out our 
other greai products. 



Providing fieri bfe, powerful and 
reliable solutions for your 
development needs. 



environment," said PreEmptive 
senior vice president Sebastian 
Hoist. "For instance, if an appli- 
cation automatically rejects a 
bad user name, there's no way to 
know if it was an honest mistake 
or an attack. The fact that some- 
one tried [an attack] and failed 
is important information." 

The upcoming releases will 
add to PreEmptive's preventa- 
tive code obfuscation controls 
by enabling developers to set 
usage thresholds for their appli- 
cations that when exceeded will 
trigger signals back to a man- 
aged service. 

First up is SOSignal, targeted 
for release in November. The 
tool will signal when application 
transactions have unexpected 
endings or usage levels spike. In 
early 2007 will come SOSecure, 
which will include an attack pro- 
file taxonomy of such attacks as 
SQL injections and buffer over- 
flows. SOS mart will follow later 
in 2007, Hoist said. The tool 
addresses the business perfor- 
mance side. Organizations, he 
said, "will be able to see if some- 
one is changing something 
internally. It focuses on the com- 
munity, and can give the applica- 
tion's perspective on the com- 
munity's performance." 

Dashboards will bring to- 
gether data on such things as 
application adoption, user effi- 
ciency and operational risk — 
how the apps are being used, 
Hoist explained. "You will get a 
true perspective of use beyond 
the silos of information." I 

LinuxWorld 
Showcases OS 

<* continued from page 3 

Server, which can replicate 
data from one Oracle or Post- 
greSQL database to another in 
near real time. The company 
also released EnterpriseDB 
Advanced Server 8.1 Release 
2, now with the ability to auto- 
matically migrate from Oracle 
to EnterpriseDB, and a hand- 
ful of new tools for building 
software that relies on an 
EnterpriseDB database. 

Symantec was also on hand 
to trumpet the recently re- 
leased Veritas Storage Founda- 
tion 5.0 and Veritas Server 
Foundation 5.0. These tools are 
designed to ease administration 
of Linux-based systems in 
the data center. In addition, 
Symantec announced partner- 
ships with Red Hat and IBM to 
bring virtualization into its data 
center products. I 
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Leopard's Champing at 64-Bit 



< continued from page 1 

Intel processors, marking the 
end of the Power Mac era. 

In his keynote address, Apple 
CEO Steve Jobs demonstrated 
new features in Leopard for the 
gathered throng of faithful 
developers. According to Jobs, 
more than 4,200 developers 
were in attendance, the largest- 
ever turnout for the event. 

He also announced Xcode 
3.0, an upgrade of Apples inte- 
grated development environ- 
ment for building Macintosh 
apps in C, C++, Objective-C and 
Java, but would not explain which 
new features would be included. 

FEATURES TAKE SPOTLIGHT 

The real stars of the show were 
the 10 Leopard features dis- 
cussed during the keynote, 
including the addition of support 
for the building and running of 
64-bit applications in Cocoa and 
Carbon, Apples two Mac OS X- 
specific programming environ- 
ments, on Intel processors. 

Currently, Apples operating 
system supports 64-bit applica- 
tions only on Power PC G5 
processors. Apple insists that 64- 
bit applications written for Leop- 
ard will run on both 64-bit and 
32-bit processors, no matter the 
environment, without modifica- 
tion or emulation. 

The initial Intel-based Macin- 
toshes used the 32-bit Intel Core 
processors. However, some new- 
er models, such as the recently 
announced Mac Pro workstation, 
will use Intel's higher-end 
Xeon processor, which supports 
both 32-bit or 64-bit operating 
systems. Jobs also announced 
that in October, the company will 
ship Xeon-based servers. 

At the show, Apple 
announced the launch of www 
.macosforge, the company's new 
open-source repository for inter- 
nal projects. But without fanfare, 
Apple made available on the site 
the source code for Mac OS X 
Intel kernel versions 10.4.7 and 
earlier. In addition, the site hosts 
a new open-source calendaring 
server and the source code to the 
company's Bonjour networking 
protocol. 

Also announced during the 
keynote was a new suite of tools 
for building Dashboard widgets. 
Apple offered up a simple way 
for users to turn sections of any 
Web page into a widget, a 
process that was demonstrated 
by Scott Forstall, Apple's vice 
president of platform experi- 



ence. Forstall went on to state 
that Mac OS X 10.5 would 
include JavaScript editing and 
debugging tools for more 
advanced widget creation, 
though he did not elaborate on 
whether these tools could be 



used alongside other develop- 
ment applications. 

Another feature discussed by 
Jobs and Forstall was a new ani- 
mation API called Core Anima- 
tion. This set of libraries will 
make it easier for developers to 



add flair and movement to their 
applications. Other features 
shown included a new backup 
system called Time Machine, a 
redesigned mail client, improved 
support for handicapped users, 
and multiple virtual desktops. 



The final new feature discussed 
was an improved iChat messag- 
ing client that will add on-the- 
fly background changing and 
improved video conferencing. 
Users will be able to show pho- 
tos, presentations and movies via 
iChat messaging. 

Jobs said Apple expects to 
ship Leopard by spring 2007.1 
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Awaiting a Tools Buyer, Borland Brings Back Turbo Brand 



< continued from page 1 

on developers," said Borland 
vice president of developer rela- 
tions David Intersimone. 

The developer focus is key 
to attracting a buyer for Bor- 



land's IDE business, which in 
addition to the Delphi, C++ and 
C# tools, includes the company's 
Java development environment 
JBuilder Intersimone said Bor- 
land is on schedule to announce 



a buyer in the third quarter of 
this year. "We have been assured 
[of that time frame]," he said. 

In February, Borland an- 
nounced plans to divest itself of 
the IDE business and focus sole- 



ly on its application life-cycle 
management offering, Core 
SDP, which combines tools for 
IT governance, modeling, 
requirements, coding, change 
management and testing. 
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Borland has said earlier that 
some assets of JBuilder may 
make their way into future 
releases of Core SDP, and that 
the issue is likely to be addressed 
through a cross-licensing agree- 
ment with the buyer. 

Asked whether issues sur- 
rounding the cross-licensing of 
JBuilder for use in Core SDP 
have been a sticking point in 
negotiations with potential buy- 
ers, Intersimone said they had 
not. "But we will have customers 
in common," he said referring to 
the yet-to-be-named company 
that will sell the developer tools, 
and Borland. 

As reported earlier by SD 
Times, Borland has continued 
to enhance JBuilder as it awaits 
a buyer. JBuilder 2007, built on 
Eclipse instead of the compa- 
ny's earlier proprietary frame- 
work PrimeTime, is expected 
by the end of this year. 

TURBO EDITIONS 

Borland will offer each of the 
new Turbo releases in two edi- 
tions: Explorer, a free download 
(available Sept. 1 at www.turbo 
explorer.com), and Professional, 
which Borland expects to price 
at less than US$500 per devel- 
oper, Intersimone said. Both 
editions of the IDEs include 
more than 200 components, 
enabling the development of 
both Windows and Web applica- 
tions. But the free version pre- 
vents developers from plugging 
in third-party tools, he said. "To 
do that, you have to upgrade to 
the Professional edition." 

Borland launched Turbo 
Pascal 1.0 in 1983, the same 
year the company was founded. 

The Delphi predecessor 
included not just the Pascal 
programming language, but 
also an editor, debugger, com- 
piler and other tools, and is 
widely considered to be the 
industry's first IDE. 

Borland went on to launch 
IDEs for Basic, Prolog, C and 
C + + under the Turbo brand 
and did not retire the Turbo 
name until 1995, Intersimone 
said. "The brand is a classic." 

Even before it announced 
plans earlier this year to sell its 
IDE business, Borland drew 
criticism that it had abandoned 
its roots as a company that 
makes tools for developers. 
"But the new company will 
have a complete focus on devel- 
opers," said Intersimone. I 
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Build Management 
Adoption of Maven 

Open-source tool sees more rapid uptake 



BY ALEX HANDY 

After four and a half years in develop- 
ment, Maven is seeing significant uptake 
for the first time. With around 20 per- 
cent of Java developers surveyed stating 
that they use Maven, according to 
O'Reilly Media, this open-source build 
management system has moved from 
being a slowly developed project to one 
of the most active pieces of software at 
the Apache Software Foundation. 

In the 2006 O'Reilly survey, 90 per- 
cent of respondents said they currently 
use Ant, while close to 20 percent 
reported using Maven. These were two 
of the most popular non-IDE tools used 
by Java developers, with JUnit and XDo- 
clet being the only other tools with sig- 
nificant penetration. 

Jason van Zyl, creator of the Maven 
project and co-founder of Mergere, a 
company he founded with Winston 
Damerillo to offer service and support 
contracts to Maven users, said that he and 
his partners were moved to create and 
refine Maven because of the complexity 
of Ant, the first Apache build effort. 



"Ant is a great toolbox," said van Zyl, 
"but what Maven provides is some struc- 
ture and process. We take the idea of pro- 
viding a good toolbox, but we also provide 
patterns that are very akin to design pat- 
terns. If [a developer has] used Maven 
once on a project, it doesn't matter what 
other Maven project [the developer goes] 
to. If a developer is working on one open- 
source project and goes to another, he 
can familiarize himself quickly with the 
build, as opposed to reading through a 
thousand-line Ant script." 

Tracy Ragan, co-founder and CEO of 
Catalyst Systems, agreed that Maven 
does solve a problem. She said that 
many organizations have realized that 
spending hours building a new Ant 
script for each project is a waste of time. 
Her company's OpenMake build man- 
agement tool supports Ant but uses Perl 
scripts to accomplish some of the things 
Maven does. OpenMake offers its ser- 
vices to Java, C and C++ users, while 
Ant and Maven are primarily used with 
Java. Ragan said that there's a trade-off 
when using Maven. 
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Expert: 
Soaring 

by Java developers 

"Because Maven is still an Ant XML 
process, you have to conform to the 
directory structures required by the 
design of Maven," said Ragan. "The 
designers of Maven said, This is the best 
way to lay out an Ant XML build.' " 

That means that existing projects 
already heavily entrenched inside of a 
Subversion, CVS, Perforce or other 
repository must undergo a directory nor- 
malization prior to moving to Maven. 
And that, said Ragan, is no small task. 
But despite the difficulty of redesigning 
the layout of a project within the reposi- 
tory, Ragan agreed that there was no 
other way to standardize builds in 
Maven that wouldn't have required such 
a choice. 

She agreed that Maven was a great 
step toward removing build complexity, 
but pointed out that at present, many of 
the teams her company deals with are 
still using Ant. Yet, Ragan does admit 
that roughly 15 percent to 20 percent of 
her customers are asking about Maven 
and how it can be supported or 
replaced with OpenMake. Catalyst 




'Ant is a great toolbox, 
but what Maven provides 
is some structure and process. 
We take the idea of providing 
a good toolbox, but we also 
provide patterns that are very 
akin to design patterns. ' 

—Jason van Zyl, Maven creator 



does not currently offer Maven support 
in OpenMake. 

But Maven's own repositories are 
the project's largest benefit for its 
users, said van Zyl. Maven's maintain- 
ers have constructed a set of libraries, 
.Jar files and other commonly used 
development tools that Maven can 
automatically download when needed. 
This ensures that developers working 
on a project for the first time won't 
have to spend their time chasing down 
dependencies in order to compile a 
program. 

So why is Maven only now seeing 
rapid uptake? Brett Porter, Mergere's 
director of engineering, said that 
Maven's position in the build process is 
responsible for the tool's sudden growth. 



"It would be quite common for an 
organization to pilot its use on a project 
or department, and for it to grow from 
the successes there," said Porter. "One 
of the advantages of Maven is that 
because it requires you to create shared 
build infrastructure, it will often be 
much less work for subsequent groups 
in the same organization to adopt it, 
reusing the work of others." 

van Zyl and the Maven team are 
working on building the beginnings of 
Maven 2.1. The new version should 
begin to trickle out in four months, and 
should include significantly reworked 
metadata capabilities. At present, said 
van Zyl, the metadata that Maven 
encapsulates in each project is not 
quite descriptive or standard enough 



for some people using the tool, van Zyl 
pointed out that the Spring project has 
moved to Maven, and is currently expe- 
riencing trouble with the metadata 
Maven creates. 

For Ragan, the Maven model is a 
great step into the future, though an 
unavoidably flawed one. "The problem 
with the build process in general is 
that it gets forgotten until later. Devel- 
opers check files into Subversion, or 
CVS or Perforce in particular struc- 
tures, and for them to go back through 
and restructure all that is fairly time- 
consuming." 

But that, said van Zyl, is the real ben- 
efit of Maven: Standardized directory 
structures mean never being lost in a 
CVS tree again. I 
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IBM Feeds RFID Developer Needs 



Big Blue posts three free tools, developer resources, on alphaWorks site 



BY P.J. CONNOLLY 

IBM has posted three new tools and 
added learning resources to its alpha- 
Works site for emerging technologies, in 
an effort to improve supply-chain mech- 
anisms in a way that suits business part- 
ners, according to Chris Spencer, 
emerging technologies strategist for 
alphaWorks. The new tools and re- 
sources, he said, attempt to address the 
need for instant expertise. 

First is the RISE (RFID Integrated 
Solution Enablement) toolkit, a Web- 
Sphere extension developed by IBM 
researchers in Korea and the United 
States. It lets developers use prebuilt 
components to model RFID implemen- 
tations, test them and then deploy them 
to specific devices and platforms. 

With the RISE toolkit, composition 
diagrams are used to model data flow, 
and get switched out as the controller 
model changes state. The XML-based 
RISE model format maintains the solu- 
tion model with component, connection 
and configuration details. A developer 
then generates a binary version of the 
model and feeds it to a RISE runtime 
environment, which grabs required soft- 
ware bundles from an OSGi service such 
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RISE allows developers to model RFID implementations by using predefined components 
(clocks, lights and timers, above), and evaluating against specific behaviors and variables. 



as IBM's Service Management Frame- 
work or ProSyst Software's mBedded 
Server, and then turns the model over to 
RISE's execution engine. 

The company has also released the 
RFID Device Development Kit, an 
OSGi-based infrastructure with tools and 



access to more than 300 RFID-specific 
resources, such as articles and tutorials, 
on IBM's developerWorks Web site. 

Part of IBM's Emerging Technologies 
Toolkit (ETTK) collection, the RFID kit 
maps API and protocol specifications 
into XML. Developers can then develop 



and generate a Java-based device inter- 
face, which ultimately becomes a model 
of the device itself. The device toolkit 
can also assist developers in creating 
agent classes that work with IBM's exist- 
ing middleware for device actuators and 
sensors. This can be used to create new 
applications or to extend existing applica- 
tions with RFID support. 

The third giveaway is the Application 
Level Events (ALE) Preview for RFID, 
providing browser-based display of RFID 
events, which the company claims allows 
developers to add RFID capabilities to 
applications earlier in the development 
cycle. Also a member of the ETTK, ALE 
runs on top of the WebSphere application 
server and enables a client application to 
query a network of RFID readers, or oth- 
er read points, for specific EPC events 
and data, and supports ad hoc and stand- 
ing requests. The ALE Preview uses the 
interface and XML query language from 
EPCglobal's ALE 1.0 standard, and 
includes a JavaScript-based client applica- 
tion for creating event cycle specifications 
and receiving event cycle reports, as well 
as an RFID trigger simulator. 

The tools are available now at 
www. alphaworks.ibm.com/topics/rfid. I 



SafeNet to Offer Software 
For Embedded Licensing 



BY ALEX HANDY 

With companies as large as Cisco Systems 
advocating the separation of software and 
hardware for monetization purposes, it's 
no wonder that SafeNet has decided to 
release a set of tools designed to manage 
software licensing on embedded plat- 
forms. The company's forthcoming Sen- 
tinel RMSe can validate software running 
on an embedded platform to ensure that 
it is properly licensed and up to date. 

Ken Chow, general manager for the 
software protection business unit at 
SafeNet, said the primary motivator for 
limiting the usability of embedded soft- 
ware through licensing is to keep hard- 
ware products fresh and monetized for 
longer periods of time. 

"We provide the vendor a set of APIs 
and our library. When their OS and the 
routines embedded within it make a call 
out to our library, they check first for the 
presence of a license," said Chow. If that 
license is not found, the vendor can 
choose what actions the hardware should 
take. Possible actions include sending a 
notification to the user, stopping all func- 
tionality or any other tactic that will alert 
the owner of the need to purchase the 
proper license. 

Chow went on to explain why this 



functionality is so hard to implement. 
"The major issue of this in the embed- 
ded world is the constrained environ- 
ments. We've had customers who want 
our libraries compressed down to 500k, 
even down to 100k with 30k stacks. For- 
tunately our product, unlike others, was 
architected from the beginning to be 
fairly streamlined," he claimed. 

Chow said SafeNet's Sentinel RMSe 
has allowed its preliminary customers to 
save money on hardware manufacturing. 
He said companies can limit the function- 
ality of a piece of hardware with Sentinel, 
and allow customers to upgrade to a high- 
er-end product by simply purchasing a 
new license and uploading new software. 

Sentinel RMSe works with many em- 
bedded platforms, including BSD and 
MontaVista Software-based systems, and 
is primarily usable with the C program- 
ming language. 

The product will be generally available 
in mid- September, and will cost between 
US$100,000 and $2.2 million, depending 
on the revenue generated by the hard- 
ware used. Chow said that SafeNet offers 
24x7 technical support along with pur- 
chased licenses of its software, and that 
engineering support is also available to 
customize the product to specific needs. I 
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Get Smart 

When knowledge in a particular area is lacking, 
learn about options for training before signing up 



BY GEOFF KOCH 



jk s Alan Koch remembers it, the 
L\ insurance company was looking 
JL JL. for a trainer to help its develop- 
er team with three tasks — assess current 
test procedures, identify industry best 
practices related to these procedures, 
and map out a new approach for more 
consistent and efficient testing. 

"It doesn't take much reading 
between the lines to see what I was told 
verbally: 'We suck at testing, and we 
don't know how to fix it,'" said Koch, 
president of ASK Process, the Daytona 
Beach, Fla. -based training firm that 
eventually won the training assignment. 

Shoring up a team's software skills 
requires more than writing a request 
for information that is a thinly veiled 
cry for help. 

For starters, there's a dense thicket of 
training options to consider. Nearby 
expert or nationally known pro? Off-the- 
shelf or highly customized? Over the 
Web or face-to-face? Also, many devel- 
opers and managers weighing these 
questions only occasionally think seri- 
ously about formal instruction. 

In short, it's downright tough to be 
savvy about training, something that 
everybody agrees is of paramount 
importance in the hypercompetitive, 
someone-wants-your-job-in-India-or- 
China world of software. 

Invariably, though, all developers 
sooner or later will have to peer down the 
training path. And the best advice for not 
getting lost, say providers and recent con- 
sumers of software training, is to stay 
alert for a handful of common guideposts. 

YOU KNOW YOU NEED HELP WHEN... 

The first step — and here it's perhaps 
appropriate to note that overzealous 
consumers of drugs, alcohol and tech- 
nology often are called users — is admit- 
ting there is a problem. 

Sometimes, the source of the prob- 
lem is internal. Development processes 
that work during a sparsely staffed start- 
up phase can become unwieldy as a 
company begins to grow. 

Koch has trained at least one Wash- 
ington, D.C.-area technologist strug- 
gling to adapt to the new requirement 



that those bidding on government con- 
tracts have a threshold Capability and 
Maturity Model rating, a standard mea- 
sure of the ability to produce quality 
software. 

"My experience has been that the 
motivator for hiring my services is 
always pain — always," said Koch, also 
the author of the 2004 book "Agile Soft- 
ware Development: Evaluating the 
Methods for your Organization." 

Angst over particular technologies or 
processes certainly can snarl the delivery 
of clean software. However, sometimes 
a team's problem is more prosaic, such 
as not agreeing on the meanings of com- 
monly used words in the coding world. 

"Vocabulary is important to share 
between all levels in an organization," 
said Hubert Smits, a coach at Agile- 
focused training and tooling vendor Ral- 
ly Software Development in Boulder, 
Colo. "'Iteration' should have a single 
meaning as should 'done' or 'release.' 
Terms like 'test-driven development' 
have multiple interpretations, and 
teams need clarity on which meaning is 
selected." 

Rex Black, a test engineering and 
automation consultant in Bulverde, 
Texas, has seen several somewhat dire 
development problems caused by lack of 
agreed-upon word definitions and team 
roles. As examples, he cited two of his 
clients — a bank in New Zealand and a 
satellite television company in the Unit- 
ed States. 

"They both have a 'quality assur- 
ance' group, yet 90 percent of these 
groups' work is testing," said Black 
president of Rex Black Consult- 
ing Services. "Now, testing soft- 
ware no more 'assures' its qual- 
ity than getting on a scale 
assures weight loss." 

The bread-and-butter 
function of testing is to 
assess rather than guaran- 
tee or improve quality, 
Black continued. So what 
both of these groups 
have is a jarring discon- 
nect between what they 

► continued on page 34 
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< continued from page 33 

realistically can do and what the organiza- 
tion expects them to do. 

Not everyone agrees that it's primari- 
ly pain and confusion that pushes pro- 
grammers into trainers' arms. 

"Some organizations, believe it or 
not, take a more holistic view to train- 
ing," said Robert Galen, president of 
RGalen Consulting Group in Cary, N.C. 
"As part of their annual review and/or 
budgeting process, they'll analyze where 
they're going from a technology and pro- 
ject strategy position." 

These companies sometimes go on to 
perform gap analysis and then look for 
trainers to come in and plug the biggest 
holes, Galen said. 

NOSE AROUND NEWSGROUPS 

Whether it's pain or proactive invest- 
ment that's the impetus, once the deci- 
sion to find a trainer is made, the next 
challenge is to find a good one. 

"Newsgroups are perhaps one of the 
best ways I can think of to identify 
appropriate training," said Richard 
Arneson, a 19-year programming veter- 



an who works in Seattle for Atlas, a divi- 
sion of AQuantive. 

Arneson said his company has been 
making an effort to make good use of 
agile development techniques, combin- 
ing off-the-shelf training with consul- 
tants. "Aside from the possibility that 
you might get reasoned input about 
what other people have done, the people 
who do training and consulting seem to 
haunt the newsgroups. You get a chance 
to hear their thoughts and see how they 
interact with the subject." 

Rather than trolling newsgroups, San- 
dra Iniguez's search for training help took 
a more traditional tack. Namely, she sam- 
pled the services of a well-established 
vendor before jumping in with both feet. 

Iniguez, a senior QA manager with 
HSBC North America in Chicago, found 
herself with too many employees profi- 
cient in basic test execution tasks and too 
few QA analysts who could actually 
design a test strategy and develop test 
cases. When the decision was made to 
begin sending the basic testing offshore, 
the challenge was to quickly transform 
her testers into higher- value QA analysts. 
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The best training communicates timeless truths about software development projects, says 
consultant Rex Black. For example, most bugs appear in clusters. This graph shows that more 
than two-thirds of bugs in an Internet appliance were found in just three of the 12 modules. 



Capability Maturity Model 




Source: Carnegie Mellon Software Engineering Institute 

Florida-based trainer Alan Koch says the goal of training should be to move organizations beyond basic 
'design, develop, integrate, test' routines toward a capacity for continuous process improvement. 



Despite the fact that HSBC has its 
own learning and development depart- 
ment to foster professional development 
of company employees, Iniguez said 
there were no internal classes to meet her 
niche training need. So she did some 
research on the Internet and found North 
Carolina-based ASPE Technology, a 
national provider of systems and software 
development training that 
offers courses in the Chica- 
go area. 

Iniguez first picked a 
quality assurance and test- 
ing techniques class for 
three of her employees, all 
of whom returned with 
good reviews. Then she 
accompanied five other 
staffers to a class on mas- 
tering test plan develop- 
ment. After sending other 
employees to different 
ASPE courses in Chicago, 
and comparing notes about 
what worked and what 
didn't, Iniguez eventually 
decided to bring an ASPE 
instructor on-site for com- 
prehensive training for her 
entire 16-person team. 

For Danny Jones, a Web 
solutions manager for the 
Spokane, Wash., Teachers 
Credit Union, the issue 
wasn't how to deal with off- 
shoring but rather how to 
keep an awful development 
cycle from ever happening 
again. 

"After a 15-month 
waterfall project finally 
ended during the sum- 
mer of 2005, our develop- 
ment team was exhausted 
and suffering from burn- 
out," said Jones. 

Googling for waterfall 



alternatives, Jones began reading up on 
agile processes. He wound up spending 
lots of time on Rally's Web site and even- 
tually set up a few Rally Web seminars to 
learn more. 

"We liked what we heard and saw, 
although everyone in the room would 
giggle like little kids whenever the term 
'ScrumMaster' was mentioned," said 
Jones. "It was all new to us." 

What followed was a contract with 
Rally, which sent a consultant to 
Spokane to help the credit union imple- 
ment agile practices. Now, when Jones 
hires new people, he often sends them 
to Rally's Colorado headquarters for 
ScrumMaster training before they can 
join his developer team. 

DEVILISH DETAILS 

Between the Web and word-of-mouth 
references, it's actually not difficult to 
identify a short list of potential training 
resources. The harder part is agreeing on 
nitty-gritty details such as class delivery 
method, content and format. 

In 2004, 28 percent of training was 
delivered via learning technologies such 
as the Web, according to the most recent 
State of the Industry Report from the 
American Society for Training & Devel- 
opment. And e-learning continues mak- 
ing advances; in 2003, learning technolo- 
gies accounted for 24 percent of the 
training pie, according to the same report. 

However, few providers or consumers 
of training are worried that the face-to- 
face market will evaporate anytime soon. 

"There is just no substitute for seeing 
people's faces as you lecture," said Koch. 
"When you are doing it over the Web, 
you are literally blind — you have no idea 
if the students are getting the point, or if 
you are losing them." 

Other limitations to online instruc- 
tion include reduced interaction, limited 
opportunity for group exercises and the 
► continued on page 36 
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Get Smart About Training Options 



< continued from page 34 

invariable technical glitches 
and snafus that detract from the 
learning environment. 

Whether Web- or class- 
room-based, the course con- 
tent is undeniably the most 



important part of the training 
engagement. And content con- 
siderations usually begin with 
the choice between off-the- 
shelf courseware and tailored 
training help. 

"I don't look to customize 



the material to reflect our own 
process and business," said 
H SBC's Iniguez. "I like for our 
team to get the benefit of 
understanding what's used in 
the industry so that we can 
better determine how we can 



use that and apply it to our 
business." 

Off-the-shelf packages are 
invariably cheaper, relatively 
more abundant, and when de- 
livered online, more conve- 
nient for developer teams 
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who can work through modules 
at their own pace. Yet this 
canned content often is impo- 
tent to address especially 
gnarly technical or organiza- 
tional problems. 

"I think it's much easier for 
technology organizations to 
realize they don't know a par- 
ticular tool, technology or lan- 
guage and go for point training 
for it," said Galen. "What 
seems to be harder for many is 
detecting more amorphous 
training needs. For example, 
leadership skills, facilitation 
skills, project management 
skills and process skills seem 
to be areas that are often over- 
looked." 

Negotiating about course 
material also provides a chance 
to learn about the trainer. Espe- 
cially in advance of any highly 
tailored training engagement, 
the instructor should be work- 
ing hard to learn about the par- 
ticular organizational problem 
and establish some reasonable 
plans for solving it. 

"I'm not saying you should 
play dumb and let the trainer 
do all the work; you need to 
think through and articulate 
what you want the outcome to 
be," said Atlas' Arneson. "But 
the trainer should have a lot of 
experience to help you in this 
process. If they seem unwilling 
or unable to help you formulate 
the appropriate material and 
outcome, there may be a mis- 
match. Obviously with off-the- 
shelf or moderately tailored 
training, the degree to which 
this happens is less, but they 
should still be willing and able 
to guide you." 

TIME-SHIFTING 

Clicking through the gobs of 
training offerings from big ven- 
dors and solo consultants alike, 
it's easy to become somewhat 
bleary-eyed. One may ask, 
Where exactly did all these 
choices come from? And where 
is all this training business 
headed? 

The answer to the first ques- 
tion, according to William Rice, 
is that software training itself has 
become a bona fide industry 
during the previous few decades. 

"When I started my career, 
development managers and 
teams didn't realize that training 
is a profession with its own cer- 
tifications, science and method- 
ologies," said Rice, a New York 
► continued on page 37 
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City-based consultant who's been devel- 
oping software training and documenta- 
tion since the late 1980s. "So they tend- 
ed to search for people who knew the 
subject area being trained and the tools 
used to create the training material." 

Today, training is a recognized pro- 
fession, Rice continued. In addition to 
basic knowledge of the subject area, 
trainers are evaluated on their ability to 
create computer-based-training mod- 
ules or online courses. Various software 
tools — Rice mentioned Viewlet Builder 
and Captivate as examples — are making 
it easier to rapidly bang out 
e-learning offerings. And 
these offerings are nec- 
essary given demands 
for shorter, Web-based 
and just-in-time train- 
ing sessions. 

At least two future trends may loom 
on the training horizon. 

The first is the rise of blended learn- 
ing, an interchangeable combination of 
synchronous and asynchronous class- 
room and online instruction. Virtual labs 
constitute one technology making 
blended learning possible. 

These labs, which automate the pro- 
visioning of live software environments, 
allow developers to "create sandbox 




environments where they can practice 
and fail without risking their worksta- 
tions," said Marcus MacNeill, director of 
product strategy for virtualization ven- 
dor Surgient. 

The second trend is percolating inter- 
est in Information Technology Infra- 
structure Framework, or ITIL, among 
the training community. Many trainers 
already deal in the alphabet soup of 
training practices. Yet ITIL, developed 
by the U.K. government in the 1980s as 
an attempt to achieve quality and value 
in the government's IT activities, is 
unique in its focus on services. 

I believe ITIL fills a huge, 
gaping hole," said Koch. 
Most of the things that 
have been available to 
date— PMBOK, CMMI, 
PSP/TSP, Agile— are 
project-oriented. How- 
ever, most organizations I work with 
have issues around ongoing operations 
and services — things that don't really fit 
the definition of 'project.' " 

Koch's only problem is that he finds 
himself somewhat shy of ITIL expertise 
at the moment. So he's shopping around 
for — you guessed it — training help. 

"I am in research mode on ITIL 
right now," said Koch, "and will get my 
first ITIL certification next month." I 
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EDITORIALS 

Time for a U.S. Cybersecurity Chief 

Software development managers, working in the private sector, proba- 
bly don't want their governments setting rules and regulations for 
secure programming practices. But guidance, and visibility for computer 
security at the highest levels of government — that's important, not only 
to emphasize the critical need for security, but also because there are 
unique resources that only governments can provide in terms of research 
and prescriptive measures. 

That is why the failure of the U.S. Department of Homeland Security 
to fill the position of cybersecurity chief, which has remained open for 
nearly two years, is disgraceful. Not only does the United States have a 
large, and growing, computer security problem, but software develop- 
ment is an area in which the U.S. is generally seen as a leader and inno- 
vator, and a positive influence for change. But not in cybersecurity. 

We acknowledge that the appointment of a politicized cybersecurity 
chief, who will assume the title of formal assistant secretary for cyberse- 
curity and telecommunications, truly is a symbolic gesture. But symbols 
are important. Naming an individual to that post will serve as a formal 
acknowledgment from the U.S. government that secure coding practices 
play a pivotal role in preventing unauthorized access to consumer infor- 
mation and other key data. 

Having a cybersecurity chief will also prompt the Department of 
Homeland Security — and potentially, other governments — to implement 
a 2-year-old set of recommendations put forth by its Improving Securi- 
ty Across the Software Development Lifecycle task force. But until the 
U.S. government accepts its own recommendations, it is unlikely others 
will follow them. 

While government procrastinates, the private sector, driven by the 
profit motive, has moved ahead in educating development teams and 
senior management about secure coding practices, and in creating new 
products and services to help write better software. And even though the 
subtext of their message is clearly "buy our tools," these software com- 
panies are doing a better job than the U.S. government. 

Government can and should serve as a neutral source of knowledge. 
The world has benefited from the work done by the U.S. National Insti- 
tutes of Health and Centers for Disease Control, for example. While cer- 
tainly computer security isn't a problem oithat magnitude, the U.S. gov- 
ernment has an obligation to fill its own open position. Today's 
government places an emphasis on protecting the homeland. It's time to 
appoint a cybersecurity chief. 

Set Your Java Children Free 

Sun Microsystems recently revealed part of its plan to make available 
the source code for Java Standard Edition and its Java Micro Edition. 
Bad move. Releasing Java ME as open source could spell disaster for a 
marketplace of mobile devices that is already severely fragmented. 

Although Sun has kept the details of its open source plans mum, we 
believe the potential for further forking is very real. 

In precisely the same way that Linux has become fragmented — 
requiring consortia such as the OSDL, LiPS and CELF to fight for stan- 
dardization — so too might Java ME further divide, exacerbating the 
already convoluted maze of mobile targets that carriers, software com- 
panies and developers everywhere are forced to navigate. 

To prevent this nightmare scenario, Sun needs to say it will not only 
accept input in terms of its distribution license, as it has done, but also 
actually put that input into practice. After that, Sun needs to step aside 
and let its Java children stand on their own. It can't truly open-source the 
software while reserving the right to define the specification. 

If it succeeds, the potential exists for Java, already dominant in the 
mobile space, to become the only runtime for mobile phones. The stakes 
could not be higher. As Sun's James Gosling notably remarked, the cell 
phone is tomorrow's desktop. I 



New Strategies Reflect Outsourcing 



Under increasing market pressures, 
organizations continue to focus on 
fostering core competencies while 
offloading non-core activities. Discus- 
sions about which software develop- 
ment activities fit into "core" and "non- 
core" buckets are commonplace today, 
and nearly every company with a soft- 
ware R&D function has an outsourcing 
strategy. 

In 2003, according to a 
study published in Software 
Development magazine, 23 
percent of software compa- 
nies in North America said 
they were outsourcing some 
portion of research and devel- 
opment. By 2005, that had 
grown to 29 percent — it is 
estimated that the trend is 
growing at an annual rate of 
30 percent. In industries like automo- 
tive, pharmaceutical and electronics, 
90 percent of firms outsource some 
portion of R&D. 

The conversation today has shifted 
from a question of outsourcing to how 
it can be made to work. The most 
sophisticated organizations use a vari- 
ety of software talent in their outsourc- 
ing mixes. While the optimal outsourc- 
ing composition will vary between 
organizations, managers of successful 
R&D outsourcing models respect four 
important truths. 

FOUR TRUTHS OF OUTSOURCING 

First, they know that outsourcing does 
not equal offshoring. They recognize a 
range of third parties that may fit into 
the overall outsourcing mix. Sophisti- 
cated outsourcing models typically 
include at least four different types of 
labor options: in-house teams, sub-con- 
tractors within the same city (or even 
the same office), specialized firms on 
the same continent, and development 
houses overseas. Today's R&D man- 
agers are experts at evaluating a partic- 
ular project's unique profile and match- 
ing the right mix of outsourcing 
vendors to the project. 

Second, organizations with opti- 
mized outsourcing strategies know that 
outsourcing does not mean "over the 
wall." They respect that an outsourced 
project requires at least as much man- 
agement as an internally hosted pro- 
ject, and they evaluate what manage- 
ment style will be required. This can 
range from fully hands-on oversight to 
nearly total automation — and a range 
of scenarios in between. 

Third, they know that sending work 
offshore is not necessarily cheaper. In 
fact, many may have been burned by 
projects that were blindly offshored 
during the tech downturn — not 
because the offshore vendor was 
incompetent, but because the project 
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was unsuitable for a foreign vendor. 
Today's more experienced R&D man- 
agers look at more than hourly labor 
costs — they also evaluate a project's 
overall profile and map that to an 
appropriate outsourcing mix. 

Finally, successful outsourcing 
models recognize the difference 
between IT software projects and 
product development pro- 
jects, and they outsource 
accordingly. Whereas IT 
developers never have to 
look at the codebase, prod- 
uct development requires 
expertise to make a plat- 
form do what it wasn't sup- 
posed to, with the ultimate 
goal of getting first-to-mar- 
ket. This focuses on innova- 
tion, on reading between 
the lines to turn a never-been-tried 
idea into a winning product. 

READING BETWEEN THE LINES 

Not every software development pro- 
ject requires a high degree of innova- 
tion. Many projects — such as those 
with highly detailed requirements 
specifications, or those surrounding 
maintenance of mature products — can 
largely be controlled by automated 
processes and tools. In these situations, 
minimizing costs and maintaining 
product margins are of paramount con- 
cern, and due to the controls in place, 
these are low-risk projects to out- 
source. Offshore firms, particularly in 
India, have proven their value in these 
projects. 

But, while talk about outsourcing 
software R&D tends to raise thoughts 
of India almost immediately, India is 
not the whole story. In fact, as a legion 
of failed offshore software projects 
attest, a more sophisticated approach 
to outsourcing needs to be considered, 
in particular for projects that are time- 
sensitive, or that require a high degree 
of innovation. 

Products like those in the early 
stages of development, "one-off pro- 
jects for a specific customer, urgent 
projects with short timelines, or highly 
experimental projects that require a 
specific skill set are ideal candidates 
for outsourcing to near-shore partners. 
Software development firms that are 
"near" to you in time zone, culture or 
location offer the advantages of out- 
sourcing without the linguistic, cultur- 
al and time zone distractions that off- 
shoring entails. 

In Canada, where I live, such firms 
are carving out a niche in the successful 
delivery of highly innovative or time- 
sensitive projects. They are adding 
significant value to in-house North 
American teams that may be unable 
to tackle those projects due to availabil- 
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ity, skills gaps or cost considerations. 

Perhaps more importantly, outsourc- 
ing partners within North America share 
your culture and ideally have a wide 
range of relevant product and industry 
experience. So, a great deal can go 
unsaid or undefined. In a good near- 
shore relationship, the partner will intu- 
it your needs to a degree that is not 
achievable when working with offshore 
vendors. A near-shore partner who 
understands the product development 
environment will be able to read 
between the lines. 

For example, a near-shore partner 
can fill in the gaps between a high-level 
need (e.g., "We would like to build a 
softphone for WiFi-enabled devices"), 
and all the details of execution that need 
entails, without needing the details on 
paper. In fact, the partner's capability 
should include a strong user interface 
design practice, and the ability to flesh 
out and define a project based on a high- 
level expression of need. 

THE RATE GAP 

You may be thinking, "But North 
American wages are four times higher 
than what I'd pay for offshore develop- 
ment. At that price, I can afford some 
screw-ups and delays." But low labor 
rates are no guarantee that a project 
will save a software firm money. Hard 
experience has taught many firms that, 
when the wrong type of project is out- 
sourced offshore, the cost of misunder- 
standings and delays quickly outstrips 
the cost of having a better-suited near- 
shore vendor perform the work. This is 
especially true of time-sensitive pro- 
jects, where the cost of ramping up an 
offshore team can quickly eat up any 
rate-based cost savings. 

It's also worth noting that, just as the 
approach to outsourcing has evolved and 
matured to embrace a variety of ven- 
dors — including local, near-shore and 
offshore — so, too, has the near-shore 
business model. Sophisticated near- 
shore vendors have global teams, giving 
them the advantage of global costs in 
addition to innovation, experience, 
speed, response time and the agility of a 
core innovation team. 

When combined with the right set of 
development processes, close — and 
closely managed — relationships with 
firms overseas help near-shore vendors 
to deliver products at lower cost, with no 
sacrifice in time-to-market or quality. By 
extension, the organizations that partner 
with these near-shore vendors are able 
to deliver effectively on their product 
commitments — faster, more efficiently, 
and with high quality. I 

Frederic Boulanger is president and 
CEO of Macadamian, a Canada-based 
software company. 



Don't Write Your E-Mail 



Software developers write a lot of e- 
mail, and a lot of it isn't well-writ- 
ten. No, I don't mean the messages that 
you send to your team about tomorrow's 
pizza lunch, or the status report for pro- 
ject requirements, or that really lame 
joke that's going around the office. I 
mean the e-mail messages that are pro- 
grammed into server-side applications, 
such as confirmation mes- 
sages when someone buys 
something from your Web 
site or requests a new pass- 
word, or even alerting them 
that there's a pending inven- 
tory transaction in a queue. 

All too often, those mes- 
sages — which are sent by the 
billions to customers, partners 
or suppliers — are composed 
and programmed by someone 
in the IT department. It might be a sys- 
tems administrator configuring Exchange 
or Oracle, or it might be one of your 
developers hard-coding an SMTP mes- 
sage into a .NET or Java EE application. 

Having your developers write the 
message that says "Dear customer: Here's 
your new password" or "Dear partner: 
Your account balance is overdrawn" 
seems simple. But every external com- 
munication from your company should 
be driven by someone in your sales, mar- 
keting or customer-service department. I 
know it's a pain and that bureaucracy is a 
nuisance. But that's just how it should be. 

Why? Every external communication 
from your company, including automated 
alerts or transaction confirmations gener- 
ated by your server-side apps, affects your 
company's reputation. To a salesperson, 




it's an opportunity to improve the rela- 
tionship. To a marketer, it's a chance to 
strengthen the company's brand. To 
someone in your partner relations depart- 
ment, it's a chance to cement a bond. 

Or it's an opportunity to blow it. If your 
e-mails have typos, they look bad. If they 
don't use the right corporate messaging, 
your organization has lost an opportunity. 
But things can be even 
worse: If your transactional e- 
mail messages aren't following 
industry best practices, they 
can be caught in spam traps. 
That means that customers 
aren't getting your messages, 
which will potentially cost your 
company money in lost busi- 
ness or extra support costs. (If 
it costs your company $1.10 — a 
reasonable industry average — 
to send out an e-mail confirmation of a 
purchase, and someone doesn't get it and 
calls your call center, that call might cost 
you $10 to process.) 

Good messages help the business. Bad 
messages hurt. I'm writing this from a 
conference on e-mail communications, 
where there have been numerous case 
studies presented that highlighted the 
dangers, and business costs, of having IT 
departments write and transmit messages 
without input from your company's e-mail 
experts. Yes, that request for a new pass- 
word or that notification that a customer's 
monthly bill is ready for download seems 
innocuous. But it's not a message that 
your developers should write. I 

Alan Zeichick is editorial director of SD 
Times. 



Are You Familiar With DATA WATCH 

'Device Software Optimization'? 

Device Software Optimization is a term 
coined and championed by Wind River 
Systems. DSO is the result of evolving 
vendor marketing strategies to meet the 
ever-changing technology landscape and 
the needs of embedded software devel- 
opers. It represents a way for the compa- 
nies that use the term to communicate 
their recognition of the complexity of 
device software development 
through the availability of broad- 
er sets of commercial-off-the- 
shelf software platforms. 

But according to research firm 
Venture Development, only about 
41 percent of embedded developers have heard the term 
they understand the underlying message. 

Those results, published in late July, mirror the findings in an SD Times Special Report 
("DSO: Valuable Strategy, or a New Label on an Old Package?" April 15, page 18), which 
reported that critics call "device software optimization" a marketing term, while Wind Riv- 
er's chief marketing officer maintains that DSO represents a fundamental change in the 
embedded software industry. 




i have nearC 
*nor^r wtrat il is, 



29 T &% 



and only about 12 percent say that 



JfflFffllAEEtttLP'H;'! 




fttt libLVr BiiftkJrfJH" IlT SdllrtTO tkhHluii^ iHfUQtfL 



Software Development Times 

Issue No. 157 

September 1, 2006 

Editorial 

Editor-in-Chief 

David Rubinstein 

+1-631-421-4158 xl05 
drubinstein @bzmedia . com 

Executive Editor Columnists 

Edward J. Correia Andrew Binstock 

+1-631-421-4158x100 Allen Holub 

ecorreia@bzmedia.com Larry O'Brien 



Managing Editor 

Patricia Sarica 

psarica@bzmedia.com 

Senior Editors 

P.J. Connolly 

pj connolly @bzmedia. com 

Jennifer deJong 

jdejong@bzmedia. com 

Alex Handy 

ahandy@bzmedia.com 



Contributing Writers 

Geoff Koch 
Susan Messenheimer 
Lisa L. Morgan 
Carol Weiszmann 

Special Projects 
Editor 

George Walsh 

gwalsh@bzmedia.com 

Editorial Director 

Alan Zeichick 

+1-650-359-4763 
alan@bzmedia. com 



Art & Production 



Art Director 

Mara Leonardi 



Art/Production 
Assistant 

Erin Broadhurst 



Sales & Marketing 



Publisher 

Ted Bahr 

+1-631-421-4158 xlOl 
ted@bzmedia.com 

Associate Publisher 

Charlie Shively 

+1-508-893-07364 
cshively @bzmedia. com 

Southwest U.S./Asia 

Robin Nakamura 

+1.408-445-8154 
rnakamura@bzmedia.com 

NorthwestU.S./ 
Canada 

Paula F. Miller 

+1-925-831-3803 
pmiller@bzmedia. com 

Southeast U.S./ 
Europe 

Jonathan Sawyer 

+1-603-924-4489 
jsawyer@bzmedia.com 

Northeast/ 
Central U.S. /Canada 

David Lyman 

+1-978-465-2351 
dlyman @bzmedia. com 



Advertising Traffic 

Phyllis Oakes 

+1-631-421-4158 xll5 
poakes@bzmedia. com 

Marketing Manager 

Marilyn Daly 

+1-631-421-4158 xll8 
mdaly@bzmedia. com 

List Services 

Nyla Moshlak 

+1-631-421-4158 xl24 
nmoshlak@bzmedia. com 

Reprints 

Lisa Abelson 

+1-516-379-7097 
labelson@bzmedia.com 

Accounting 

Viena Isaray 

+1-631-421-4158 xllO 
visaray@bzmedia. com 



Reader Service 

Director of Circulation Customer Service/ 

Agnes Vanek Subscriptions 

+1-631-421-4158 xlll +1-847-763-9692 

avanek@bzmedia.com sdtimes@halldata.com 



BZ Media 




President 

Ted Bahr 




Executive Vice President 

Alan Zeichick 




BZ Media LLC *- 

7 High Street, Suite 407 
Huntington, NY 11743 
+1-631-421-4158 
fax +1-631-421-4045 
www.bzmedia.com* info@bzmedia.com 


BPA 

■ r i . 1 i ■ 1 ■ 



40 



COLUMNS 



. Software Development Times . September 1 r 2006 . 



www.sdtimes.com 



Two Views of Ruby, in Plain Language 



It Isn't All a Gem 



Several months ago in this column, I 
pointed to Ruby as a dynamic lan- 
guage worthy of thoughtful considera- 
tion for scripting, even for developing 
entire applications. While my affection 
for the language remains high, I am con- 
cerned about the rampant hyping I keep 
reading regarding Ruby Like any lan- 
guage, Ruby has weaknesses that any 
developer (especially non-Java develop- 
ers) will quickly recognize. 
Here are the salient ones. 

Long Learning Curve. 
Many articles talk about the 
ease of learning Ruby and pro- 
vide examples of its greater 
concision when compared with 
Java. (See Maik Schmidt's 
Guest View, "Dynamic Ruby 
Gets Ready for the Enter- 
prise," July 1, page 34, for an 
example.) Let's be accurate 
here: Almost any language except 
COBOL will be more concise than Java, 
but concision does not make it easy to 
learn or use. In fact, Ruby is dependent 
on tricks used in Perl, such as specially 
named variables that are not intuitive, to 
provide shortcuts and concision. This 
design has been widely condemned in 
Perl because it sacrifices readability. The 
same applies to Ruby. (Consider these 
four predefined — and unrelated — vari- 
ables: $! $-0 $0 and $_ .) 

Ruby also uses techniques that derive 
from printf-style codes. The String 
unpack command provides 37 format 
codes for different ways of extracting 
data from a string. There are 22 codes for 
booleans regarding a file status. And 
because most of these codes are used in 
Ruby, they have to be memorized. Is the 
code ?S clearer than an API call to test 
whether a file is a socket? It's more con- 
cise, but hardly clearer. To be proficient 
at Ruby — even to read it easily — you 
need to memorize these hard-coded syn- 
tactical features of the language. Java, 
C++ and Python, by comparison, require 
far less rote memorization to learn the 
language. 

The learning curve is hampered by 
the absence of good tutorials. The bible 
of Ruby developers is "Programming 
Ruby" from the Pragmatic Program- 
mers (Dave Thomas and Andy Hunt). 
It's a decent reference work for the lan- 
guage and the APIs, but insufficient as 
a tutorial. It lacks the steady develop- 
ment of code of increasing complexity 
to bring the reader along from simple 
to large complex applications. It is 
nothing like the terrific tutorials by the 
same authors on other programming 
topics. Moreover, there are few alter- 
nate resources, although several books 
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are finally on the way. 

Slow Execution. Ruby is translated; 
there is no concept of VMs. As a result, 
performance is distinctly sluggish. Oddly 
enough, this lack of translation to an effi- 
cient binary format is touted as an advan- 
tage by many evangelists because skipping 
the compilation step is perceived as such 
a timesaver. This either/or view reflects a 
lack of knowledge of alternatives. Dynam- 
ic languages today can be both 
interpreted and compiled. For 
example, Groovy and NetRexx 
are two languages that can be 
run interpretively from the 
command line or compiled to 
Java bytecodes. The benefit of 
the latter option is the ability 
to leverage the years of work 
that have gone into optimizing 
JVM performance — some- 
thing Ruby desperately needs. 
JRuby, the effort to have Ruby run on the 
JVM (in the manner of Jython), is one 
possible solution. However, that project is 
moving along slowly and has garnered 
surprisingly little support from the larger 
Ruby community. 

Lack of Tools. Few tools today sup- 
port Ruby development, and those that 
do aren't terribly impressive. The princi- 
pal commercial IDE, Active State Komo- 
do 3.5, barely functions well enough to 
use. It hangs frequently and has limited 
syntactical support for the language. 
Remaining dev tools are equally imma- 
ture. So, developers accustomed to the 
robust development environments for 
Java, C/C++ and C# will suddenly find 
themselves using tools from 10 years ago. 
Expect to use a plain editor for develop- 
ment and to rely on printf-style dumps of 
variables for debugging. Fortunately, a 
tracing facility is built into the language. 
Ruby enthusiasts talk about how the 
language puts fun back into program- 
ming. Personally, I think this is true 
of any scripting language, except maybe 
Perl. Writing shorter programs that can 
do a lot is always a pleasure. Ruby on Rails 
(RoR), the Web framework that runs on 
Ruby, adds to this pleasure by its truly ele- 
gant, intuitive design. More than features 
of the language per se, RoR is the real rea- 
son to adopt Ruby. It has led to a remark- 
ably active community, which gives Ruby 
additional appeal. Posts to mailing lists are 
answered quickly and with very little 
flaming for even obvious errors. However, 
don't expect a panacea in Ruby, but a lan- 
guage with its own strengths and weak- 
nesses and an acute need for better tools 
and better performance. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. 



Crossing the Chasm 



Every five to seven years, the pro- 
gramming community embraces a 
new language: C#, Java, C++, Turbo 
Pascal, C, etc. Generally, this happens 
more or less in conjunction with plat- 
form disruptions: Web services and 
.NET, the JVM and the Web, Windows 
and GUI programming, DOS, etc. 

My theory is that once a language 
"crosses the chasm" into the mainstream, 
for a few years it is seen as 
delivering higher productivity 
with its new libraries and capa- 
bilities. Then, for a few years, 
it is seen as capable, but peo- 
ple start to hear about its 
shortcomings: It didn't antici- 
pate this or that trend, some 
projects inevitably fail, and 
people discover that it is not, 
in fact, a silver bullet. Finally, 
the novelty wears off, the lan- 
guage and library innovations are fully 
internalized by the programmers and 
thus become "no big deal," and a restless- 
ness for The Next Big Language builds. 

While the majority of professional 
developers work in mainstream lan- 
guages, academics, gurus and enthusias- 
tic small teams are constantly churning 
through alternatives. 

"Enthusiastic small teams" is a bit un- 
wieldy, but I don't know a better term to 
encompass the groups that have the self- 
confidence and flexibility to choose, say, 
VB in the 1990s or Seaside today. The 
Next Big Language is first seen within 
this group, but one historical characteris- 
tic is that crossing the chasm involves an 
explosion of interest: articles, books and 
conferences emerge, providing positive 
feedback and creating a buzz that keeps 
the emerging language in the forefront 
of discussion. 

Ruby is experiencing just such a buzz 
right now. Ruby has been around for sev- 
eral years, an underdog to Perl and 
Python in the scripting languages battles, 
with the notable feature of having a 
"pure" object-oriented model. Like those 
languages, Ruby is implicitly typed, which 
has been framed as de rigueur for pro- 
ductivity (a point on which I disagree). 

Also, Ruby is the language of Rails, a 
Web app framework whose "convention 
over configuration" philosophy is provoca- 
tively contrarian. Perhaps most important, 
the innovative Pragmatic Programmers 
publishers threw themselves behind Ruby 
and produced two best-selling books 
("Programming Ruby" by Dave Thomas 
and Andy Hunt and "Agile Web Develop- 
ment With Rails" by Thomas and Rails 
creator David Heinemeier Hansson). 

According to Tim O'Reilly of O'Reil- 
ly and Associates, these books have been 
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the drivers behind a 689 percent quar- 
terly increase in sales of books on Ruby, 
bringing total sales into the neighbor- 
hood of mainstream languages. This suc- 
cess has not gone unnoticed, and the 
publishing pipeline is stuffed with Ruby 
and Rails books that will be hitting the 
shelves this fall. (Meanwhile, on "flash- 
interest" sites like Digg and Techmeme, 
Ruby is clearly a successful keyword. 
Those who track job sites and 
keywords say that calls for 
Ruby programmers, while 
still distinctly uncommon, are 
expanding rapidly.) 

I am not one of those who 
believe that all programmers 
share a common mindset, that 
the popularity of mainstream 
languages is the result of 
"brainwashing" and massive 
marketing. 
Instead, I believe that in addition to 
the previously discussed multiyear cycle 
and the positive feedback of interest, a 
particularly helpful library or framework 
can play a huge role in moving a language 
into the mainstream. Network program- 
ming in Java, for instance, was vastly easi- 
er than alternatives using sockets. Today 
Rails provides one of the fastest routes to 
creating a custom data-driven Web site. As 
always, there is no silver bullet: Rails' 
"scaffolding" is more of a learning tool 
than a foundation for a production system. 
The idea that technologies that 
appear to be succeeding face a difficult 
chasm before being adopted by the 
majority comes from Geoffrey Moore's 
seminal 1991 book "Crossing the 
Chasm," which provides the best 
explanatory model for programming lan- 
guage popularity that I've seen. I believe 
that Ruby requires only one thing more 
to cross the chasm: interoperability with 
one of the two major managed platforms, 
Microsoft's Common Language Runtime 
or the Java Virtual Machine. At the 
moment, JRuby — an implementation of 
the language targeting the JVM — 
appears to be closer to feature-complete 
than competing offerings on the CLR 
side: Ruby.NET from the Queensland 
University of Technology and IronRuby 
from Wilco Bauwer. All of these projects 
are far enough along, though, that it is 
clear that Ruby will become available to 
these environments that dominate cor- 
porate development. The time has come 
for corporate developers not just to keep 
their eye on, but to learn Ruby. The 
chasm is being crossed. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing., net. 
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Just Say No to XML 



XML is perhaps the worst program- 
ming language ever conceived. I'm 
not talking about XML as a data-descrip- 
tion language, which was its original 
design. I'm talking about perverting XML 
for programming applications. It's inap- 
propriate to use XML as a scripting lan- 
guage (e.g., ANT), a test-description lan- 
guage (e.g., TestNG), an object-relational 
mapping language (e.g., Hibernate, JDO), 
a control-flow language (e.g., JSF), and so 
forth. These sorts of XML "programs" are 
unreadable, unmaintainable, an order of 
magnitude larger than necessary, and 
audaciously inefficient at runtime. 

So, why would anybody use XML in 
this bizarre way? As far as I can tell, it's 
because many so-called programmers 
just don't know how to build a compiler. 
I really don't have much patience for 
this sort of thing. To my mind, there is a 
minimum set of topics with which you 
have to be conversant to call yourself a 
professional programmer. If you don't 
know these things, you're a dilettante. 
This list includes a deep understanding 
of data structures and key algorithms, a 
little math (set theory, logic, a little sta- 
tistics), mastery of analysis-and-design 
techniques, both process (e.g., RUP or 
XP) and structure (e.g., design patterns), 
and database structure and use (e.g., 



SQL). You also need to know how the 
hardware works. 

You need this stuff even if you're not 
actually using it in your work, because no 
matter what you're doing, knowing this 
material will make your work better. How 
could you possibly decide which of Java's 
Collection classes to use in a particular 
situation if you don't know 
how those classes work under 
the covers, for example? 

Knowing how to build a 
compiler is certainly one of the 
skills on this need-to-know list. 
Compilers are fundamental to 
what we do every day as a pro- 
grammer. Knowing how the 
compiler works will let you 
make intelligent decisions 
about program structure, deci- 
sions that have real impact on the quality 
of our programs. More to the point, most 
programs have to parse input (either from 
a human being or from a machine) and 
make sense of it. To do that, you have to 
build a small compiler. Corrupting XML 
for this purpose, simply because you hap- 
pen to have an XML parser lying around, 
is inappropriate at best. 

Basically, you're selfishly making your 
life easier at an enormous cost to every- 
one else. For every hour you save, you're 




subjecting every one of your users to 
many hours of needless grappling with 
overly complex, hard-to-learn, hard-to- 
maintain, impossible-to-read, XML- 
based garbage. This is no way to make 
friends and influence people. 

Learning how to build compilers is, 
unfortunately, too difficult. The most 
widely used textbook, Aho, 
Sethi and Ullman's "Compil- 
ers, Principles, Techniques 
and Tools," is a classic exam- 
ple of everything that's wrong 
with academic writing. Its 
thorough, but impenetrable, 
coverage of the subject offers 
virtually no practical informa- 
tion. The academicians love 
it, but I'd recommend avoid- 
ing the book unless you have 
a strong mathematical background and 
are interested more in the underlying 
math than practical application. 

By contrast, Watt and Brown's "Pro- 
gramming Language Processors in Java: 
Compilers and Interpreters" is a great 
practical introduction to the subject. The 
authors take a learn-by-doing approach, 
presenting the complete sources for a 
compiler and interpreter in Java. Though 
this book is probably the best introduction 
to compilers for Java programmers, the 



Java itself is not particularly well done. It's 
very procedural (using lots of public 
fields, for example), doesn't use polymor- 
phism particularly well, uses way too 
many impenetrable single-character vari- 
able names, and other bad things. As long 
as you mentally separate the compiler 
topics from the Java ones and don't take 
the Java as a model of good programming 
practice, then the book is fine. 

Kaplan's "Constructing Language 
Processors for Little Languages" is 
another good introductory text with 
plenty of (unfortunately C+ + ) code in it. 

By the way, my own "Compiler 
Design in C" also has vast amounts of 
code in it, but it's obviously all C, not Java. 
My book shows you not only how to build 
a compiler, but also how to build the tools 
that you need to build compilers. (I pro- 
vide full lex and yacc implementations.) 
When you're done learning and moving 
on to doing, there are a bunch of tools 
available to help you build compilers, 
most of them free. 

"The Catalog of Compiler-Construc- 
tion Tools" (catalog.compilertools.net) is 
a great compendium of every tool that I 
know of. There's not much point in look- 
ing at this site unless you've read a book 
on the subject first, but once you have, 
it's a great resource. I 

Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holuh.com. 
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Yeah, we're busy and behind sched- 
ule. Sure, there's a lot on the line 
with this next release. 

But last month, we set aside two days 
to bring our team together — off-site, 
away from the ringing phones and 
demands of our executives — to tear 
apart SD Times and our processes for 
creating it, all with the idea of making it 
better going forward. 

So for this column, I'll give 
you a look behind the scenes 
at our editorial meetings. 
Although the sessions were 
just for our small group, we 
tried to set it up in as formal a 
way as you might find at 
an industry conference, with 
some of us assigned the task 
of presenter, times affixed 
to each session, and coffee 
breaks and after-hours events as well. 

At the first session, we spoke about 
how the Internet has changed the deliv- 
ery of news; how many vendor Web 
sites, it seems, strive to offer some kind 
of news or information or blog to keep 
customers coming back for fresh infor- 
mation. We discussed what the compet- 
itive pressures on SD Times are, and 
how we are facing them — even winning, 
in many, many cases. 

We spoke about how we develop our 
stories, how we cultivate our sources of 
information, and how important we 
believe context is to provide some per- 
spective around the news and events we 
cover. 

Deadlines were a hot topic. Writers 
always want to hold on to their work 
until the last possible moment, search- 
ing for that elegant turn of phrase to 
bring their prose to life. Editors, under- 
standably, don't want to be buried under 



an avalanche of last-minute stories that 
all have to be read for content, grammar 
and style. 

The look and feel of the newspaper 
also is important to us, and our readers. 
Graphics, color and photos all were 
dissected — why did we use them, why 
didn't we use them, why didn't an impor- 
tant story have a better illustration? 

All of which got me to 
thinking. . .producing software 
and putting out a newspaper 
have quite a bit in common. 

First of all, we need to 
know our requirements — in 
our case, it's asking if the sto- 
ries proposed at our news 
meetings meet our mission of 
providing timely, accurate, 
unbiased information to our 
■* rf ^ core reader base of software 
development managers in enterprise 
organizations. 

Then, we need to follow the estab- 
lished development process. Just like 
many software shops around the world, 
the process for developing each issue of 
SD Times is kind of a homegrown 
methodology, cobbled together from the 
best practices learned by each individual 
over the course of many years in the 
publishing industry. 

Testing is a little different. On one 
level, we test it during the development 
process, as we proofread and fact-check. 
But on a higher functional level, we can 
test only how well it met your require- 
ments after it's been released. And the 
way we do that is through reader feed- 
back — when you tell us what you like or 
don't like, we try to incorporate that 
information into the next "build." 

We have to deal with advertisements 
coming in from outside sources. Much 



like Web services, it's important that all 
the components of SD Times are devel- 
oped to the same specifications, or else 
the newspaper won't look very good. 

Finally, our physical production and 
distribution — that is, printing and mail- 
ing — is outsourced. So there are issues 
of managing the print process from a 
remote location, understanding when 
and how the print shop works, getting to 
see page proofs before the paper is put 
on the press, and more. And then, of 
course, the finished newspapers are 
delivered to the post office. 

Setting aside time to meet as a team is 
critical to improving the process, and the 
product. I have heard from developers 
who are sent to conferences by their 
companies but then are never asked to 
write up a report about what they've 
learned, or to lead a session with their 
team members to explain what they 
found out at that conference. The knowl- 
edge benefits only the one, not the many. 

I know it's difficult for some team 
members to give their opinions or share 
their knowledge, for fear of angering or 
upsetting a manager or co-worker. Gath- 
ering at a neutral site helps level the 
playing field, and can make everyone on 
the team feel more comfortable about 
speaking. 

It's important to encourage all mem- 
bers of the team to participate. After 
all, they were hired because of their 
skills, and because of what they bring to 
the table. 

If that table is seeded with coffee, 
muffins and other snacks, away from the 
boss's office, a different kind of produc- 
tivity can be had that can only make your 
products better in the long run, whether 
that product is a newspaper or a soft- 
ware application. Ultimately, they're 
very much the same. I 
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BUSINESS BRIEFS 



IBM AUGUST ACQUISITIONS TOP $2B 

IBM completed a trio of acquisitions last month, designed to bolster its position in 
the SOA, asset management and content management markets. 

First, IBM announced it had acquired privately held Webify Solutions, an 
Austin, Texas-based company that sold software and services for industry-specific 
service-oriented architectures. Financial terms of the deal were not made public. 
IBM said it will roll Webify's software into its WebSphere brand and that it will make 
the software available through its Global Services. 

Then, the company announced a definitive agreement to buy MRO Software, 
which sells asset and service management software, for US$740 million. This soft- 
ware will be integrated with IBM's Tivoli offering. "In a recent IBM study, 40 percent 
of CEOs indicated that asset utilization would be a key focus in strengthening finan- 
cial performance," said Al Zollar, general manager of IBM Tivoli software. The deal 
is expected to close in the third quarter. 

Finally, in mid-August, IBM said it will spend about US$1.6 billion to acquire 
FileNet, a 24-year-old maker of document and content management solutions. 

IBM said it will integrate FileNet's tools with software offered by its information 
management division and with its existing business process management tools, as 
a way to bolster its information-as-a-service strategy. The deal is expected to close 
by the end of this year. 



SAP's global NetWeaver Fund has made its first investment, placing US$125 million 
with remote device management software company Questra. The Questra Remote- 
Service Composite Application helps organizations monitor devices remotely and 
automatically create and send service notifications via SAP's Service and Asset 
Management software. 

EARNINGS: Raining Data announced net revenue of US$4.7 million for its first 
fiscal quarter of 2007, ended June 30. That's a decline of about 12 percent from the 
same quarter in the prior year, when revenue was $5.3 million. Net loss for the quar- 
ter was $1.1 million; for the same year-ago period, the company posted a net loss of 
$200,000. Raining Data sells XML database management and information aggrega- 
tion software . . . Integration software provider Magic Software reported US$15.2 
million in revenue for its second fiscal quarter 2006 ended June 30. That marks a 
slight decrease from the $15.7 in revenue from the same quarter a year earlier. The 
company posted a net loss for the quarter of $1.33 million, or 4 cents per share, 
compared with a net loss of $1.16 million for the same period in 2005. "Our disap- 
pointing results this quarter can be attributed, to a large degree, to serious man- 
agement problems at one of our major European subsidiaries, which has forced us 
to make a thorough re-structuring of our branch," said David Assia, Magic's chair- 
man and CEO, in a statement. Magic is based in Or Yehuda, Israel. I 



CALENDAR OF EVENTS 



EclipseWorld 2006 

Boston 
BZ MEDIA 

www.eclipseworld.net 



Sept. 6-8 



Sept. 6-8 



Austin Game Conference 

Austin, Texas 

THE GAME INITIATIVE 

www.gameconference.com 

VSLive Sept. 10-13 

New York City 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences/vslive/2006/newyork 



SD Best Practices 
Conference 

Boston 
CMP MEDIA 

www.sdexpo.com/2006/sdbp 



Sept. 11-14 



High Performance Sept. 18 

on Wall Street 

New York City 

LIGHTHOUSE PARTNERS & FLAGG MANAGEMENT 

www.highperformanceonwallstreet.com 

Application Sept. 25-27 

Development Summit 

Phoenix 
GARTNER 

www.gartner.com/2_events/conferences/ad8.jsp 



Embedded Systems 
Conference Boston 

Boston 
CMP MEDIA 

www.embedded.com/esc/boston 



Sept. 25-28 



Intel Developer Forum 

San Francisco 
INTEL 

www.intel.com/idf 



Sept. 26-28 



Open Source Summit Sept. 27-29 

Phoenix 
GARTNER 

www.gartner.com/2_events/conferences/os2.jsp 

AJAXWorld Oct. 3-4 

Santa Clara 
SYS-C0N MEDIA 

www2.sdtimes.com/ajaxworld/ajax_062606.html 

Symposium/ITxpo Oct. 8-13 

Orlando, Fla. 
GARTNER 

www.gartner.com/it/sym/2006_/sym16/sym16_home.jsp 



Oct. 8-11 



Mercury World 

Las Vegas 

MERCURY INTERACTIVE 

www.mercuryevents.net/mercuryworld/home.cfm 

STAR West Oct. 16-20 

Anaheim 

SOFTWARE QUALITY ENGINEERING 

www.sge.com/starwest 

SoftSummit Oct. 17-18 

Santa Clara 
MACR0VISI0N 

www.softsummit.com 



Development 
Products Conference 

San Jose 
EVANS DATA 

www.evansdata.com/dpc 



Oct. 19-20 



Software Test & Nov. 7-9 

Performance Conference 

Boston 
BZ MEDIA 

www.stpcon.com 

For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Altova® XMLSpy® 2006 - The industry standard XML development environment. 





ALTOVA® 

xmlspy 

2006 
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Bring your 

development 
plans to light 

Sneak a peek at XMLSpy® 2006, 
and see how vital it is to master XML. 

Revealed in XMLSpy 2006 Release 3: 

• Superior error messaging with dynamic hyperlinking 

New XSLT 2.0 and XQuery profilers 
- Trace points for enhanced XSLT debugging 
> Innovative restriction handling in XML Schema design 

Altova® XMLSpy, the industry standard XML developme 
environment, is indispensable for modeling, editing, 
transforming, and debugging XML-related technologies. 
Illuminate your strategy with the world's leading XML editor, 
the original graphical schema designer, a code generator, 
file converters, debuggers, profilers, support for XSLT, 
XQuery, WSDL, SOAP, and a wealth of brilliant XML 
utilities and enlightened usability aides. 
Become a markup mastermind! 
Download XMLSpy® 2006 
today: www.altova.com 
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XMLSpy is also 

available as part of 

the award-winning 

Altova XML Suite. 



Microsoft, Visual Studio, and .NET 

are either trademarks or registered 

trademarks of Microsoft Corporation in 

the United States and/or other countries. 
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ONTIME2006 

The Fast & Scalable Team Solution for... 

Defect & Issue Tracking • Feature & Change Tracking • Task & To-do List Tracking • Helpdesk Ticket Tracking 

OnTime is the market-leading project, defect and feature management tool for agile software development and test teams. 
OnTime facilitates tracking, analyzing and trending team-based software development efforts in an intuitive and powerful user 
interface. A fully customizable Ul, powerful workflow, process enforcements, two-way email communications and custom reports 
combine to help software development teams ship software on-time! 

Available for Windows, Web & VS.NET 2003/2005 



OnTime 2006 Professional Edition 




• For Teams of 1 to 1 ,000 Members 

• From $149 Per User 



OnTime 2006 Small Team Edition 



• For Teams up to 1 Members 

• Free Single-User Installations 

• $495 for 5-Team Members 

• $995 for 10-Team Members 




8006530024 





asp.nelPRO 
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www.axosoft.com 



Best Project Management/ 

Defect Tracking 

OnTime 2006 Software 

Project Management System 

Axosoft 




Only $495 for up to 5 Users • Only $995 for up to 10 Users 

Free Single-User Installations 



